Multiple SSL connections?
Bart Parliman 2006-04-28, 7:10 pm
In the Net::LDAPS manpage BUGS section there's this ...
"You cannot have more than one LDAPS connection at any one time,
due to restrictions in the underlying Net::SSLeay code."
I've come across a case where I'd really like to query two
separate servers, both with secure connections. (I can't
easily query them in batches.)
Does this limitation apply to using Net::LDAP's start_tls?
Does someone know what "at any one time" means? Perhaps one of
these?
- Don't even instantiate two separate objects at the same time
- Don't try to bind to two separate servers at the same time
- Don't try two concurrent queries (e.g. not thread safe)
I'm mainly trying to figure out a known safe way of coding this.
If possible, I'd like to avoid forking a child to perform queries
and having to ship data between processes.
Thanks,
Bart Parliman
Chris Ridd 2006-04-29, 4:08 am
On 28/4/06 7:18, Bart Parliman <bartp@lanl.gov> wrote:
> In the Net::LDAPS manpage BUGS section there's this ...
>
> "You cannot have more than one LDAPS connection at any one time,
> due to restrictions in the underlying Net::SSLeay code."
>
> I've come across a case where I'd really like to query two
> separate servers, both with secure connections. (I can't
> easily query them in batches.)
>
> Does this limitation apply to using Net::LDAP's start_tls?
It would, yes.
> Does someone know what "at any one time" means? Perhaps one of
> these?
Well, I wrote the code (and that documentation) quite a long time ago. The
warning may no longer be correct.
I think the reason behind it was that there was some kind of global context
object used in Net::SSLeay which definitely isn't the sort of thing you'd
want to share between two connections.
But that's just going from memory. A pretty quick glance at the current
Net::SSLeay code doesn't reveal anything like this. Maybe it got fixed, or
maybe I was imagining the problem before.
> - Don't even instantiate two separate objects at the same time
>
> - Don't try to bind to two separate servers at the same time
>
> - Don't try two concurrent queries (e.g. not thread safe)
Almost certainly bad. I'm not sure Net::LDAP is thread-safe.
> I'm mainly trying to figure out a known safe way of coding this.
> If possible, I'd like to avoid forking a child to perform queries
> and having to ship data between processes.
That would of course work. However, the warning about Net::SSLeay might now
be bogus, so try out multiple connections...
Cheers,
Chris