Multiple SSL connections?

In the Net::LDAPS manpage BUGS section there's this ...

"You cannot have more than one LDAPS connection at any one time, 
due to restrictions in the underlying Net::SSLeay code."

I've come across a case where I'd really like to query two 
separate servers, both with secure connections.  (I can't 
easily query them in batches.)

Does this limitation apply to using Net::LDAP's start_tls?

Does someone know what "at any one time" means?  Perhaps one of 
these?

- Don't even instantiate two separate objects at the same time

- Don't try to bind to two separate servers at the same time

- Don't try two concurrent queries (e.g. not thread safe)

I'm mainly trying to figure out a known safe way of coding this. 
If possible, I'd like to avoid forking a child to perform queries 
and having to ship data between processes.

Thanks,
Bart Parliman
bartp
4/28/2006 6:18:03 PM

On 28/4/06 7:18, Bart Parliman <bartp@lanl.gov> wrote:

> In the Net::LDAPS manpage BUGS section there's this ...
> 
> "You cannot have more than one LDAPS connection at any one time,
> due to restrictions in the underlying Net::SSLeay code."
> 
> I've come across a case where I'd really like to query two
> separate servers, both with secure connections.  (I can't
> easily query them in batches.)
> 
> Does this limitation apply to using Net::LDAP's start_tls?

It would, yes.

> Does someone know what "at any one time" means?  Perhaps one of
> these?

Well, I wrote the code (and that documentation) quite a long time ago. The
warning may no longer be correct.

I think the reason behind it was that there was some kind of global context
object used in Net::SSLeay which definitely isn't the sort of thing you'd
want to share between two connections.

But that's just going from memory. A pretty quick glance at the current
Net::SSLeay code doesn't reveal anything like this. Maybe it got fixed, or
maybe I was imagining the problem before.

> - Don't even instantiate two separate objects at the same time
>
> - Don't try to bind to two separate servers at the same time
>
> - Don't try two concurrent queries (e.g. not thread safe)

Almost certainly bad. I'm not sure Net::LDAP is thread-safe.

> I'm mainly trying to figure out a known safe way of coding this.
> If possible, I'd like to avoid forking a child to perform queries
> and having to ship data between processes.

That would of course work. However, the warning about Net::SSLeay might now
be bogus, so try out multiple connections...

Cheers,

Chris


chrisridd
4/29/2006 6:20:21 AM