author | Rob Crittenden <rcritten@redhat.com> | 2012-01-26 16:32:29 -0500 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-01-30 10:34:23 +0100 |
commit | 46a472ef20ae3b25a2e4c4f92b26127e73f8f7a4 (patch) | |
tree | 3fb57b27d5b9b45d572a55e35e06336866ac5795 | |
parent | 6863b8fe409f6f267597955376e20df21cfd2dae (diff) | |
Don't try to bind on TLS failure
We have bind code that can handle the case where a server hasn't
come up yet. It needs to handle a real connection failure such
as the TLS hostname not matching. If we try to bind anyway we end
up with a segfault in openldap.
https://fedorahosted.org/freeipa/ticket/2301
-rw-r--r-- | ipaserver/ipaldap.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index e2b74865..acaea266 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -346,7 +346,9 @@ class IPAdmin(IPAEntryLDAPObject):
 try:
 bind_func(*args, **kwargs)
 except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:
- if not timeout:
+ if not timeout or 'TLS' in e.args[0].get('info', ''):
+ # No connection to continue on if we have a TLS failure
+ # https://bugzilla.redhat.com/show_bug.cgi?id=784989
 raise e
 try:
 self.__wait_for_connection(timeout)
 |
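Review bot: The new test `'TLS' in e.args[0].get('info', '')` decides whether to fail fast by matching a substring of the library's diagnostic text, so a TLS or certificate failure whose message is worded differently (for example one that only mentions SSL) would still fall through to the wait-and-rebind path that the commit message says ends in an openldap segfault. It also assumes `e.args[0]` is always a dict; if the exception carries no args or a plain string, the handler itself raises IndexError or AttributeError and hides the original LDAP error. I would extract the text defensively, e.g. `info = e.args[0].get('info', '') if e.args and isinstance(e.args[0], dict) else ''`, and extend the comment to say that the check depends on the message text produced by the underlying TLS library. The enclosing method starts and ends outside this hunk, so how the retry path behaves for the remaining SERVER_DOWN cases cannot be confirmed from here.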