Cannot correctly use LdapSessionOptions.StopTransportLayerSecurity without tracking state locally #49726

Open
AnthonyMastrean opened this issue Mar 16, 2021 · 2 comments
Labels
area-System.DirectoryServices enhancement Product code improvement that does NOT require public API changes/additions

AnthonyMastrean commented Mar 16, 2021

Description

It's obvious that we should always dispose of an LdapConnection instance via a using statement (or similar).

using (var connection = new LdapConnection(...))
{
    ...
}

To use LDAP with TLS, we're supposed to call the relevant "start" method on the session options instance. I assume, but it's not documented, that we should attempt to stop TLS if we started it. I'm thinking a try...finally block?

using (var connection = new LdapConnection(...))
{
    try
    {
        connection.SessionOptions.StartTransportLayerSecurity(null);
        // use the connection instance... 
    }
    finally
    {
        connection.SessionOptions.StopTransportLayerSecurity();
    }
}

However, if, for whatever reason, it's the start method call that fails, leading to the stop method call in the finally block, the stop method will throw a TlsOperationException, which is documented. But that means I need to either wrap that call or track a local Boolean.

using (var connection = new LdapConnection(...))
{
    var startedTls = false;
    try
    {
        connection.SessionOptions.StartTransportLayerSecurity(null);
        startedTls = true;
        // use the connection instance... 
    }
    finally
    {
        try
        {
            if (startedTls)
            {
                connection.SessionOptions.StopTransportLayerSecurity();
            }
        }
        catch (TlsOperationException)
        {
            // this catch block intentionally left blank
        }
    }
}

This is kind of a hot mess, right? Is there any way to get a bool returned by the start/stop methods? Or for the session options to track this state like it does for "secure socket layer" (if that is, in fact, what is happening there)?

Configuration

.NET 5.0 on Windows 10 and Debian Linux.

Regression?

Other information

@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Mar 16, 2021
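
The state tracking described in the issue can be kept out of every call site by moving it into a small disposable scope. This is an added example, not code from the issue author or from the .NET runtime; `StartTlsScope`, `Begin` and the host name `ldap.example.test` are hypothetical names chosen for illustration.

```csharp
using System;
using System.DirectoryServices.Protocols;

// Hypothetical helper (not part of System.DirectoryServices.Protocols): stops TLS only if it started.
public sealed class StartTlsScope : IDisposable
{
    private readonly LdapConnection _connection;
    private bool _started;
    private StartTlsScope(LdapConnection connection) => _connection = connection;

    public static StartTlsScope Begin(LdapConnection connection)
    {
        if (connection is null) throw new ArgumentNullException(nameof(connection));
        var scope = new StartTlsScope(connection);
        // A failure here propagates to the caller: no scope is returned, Dispose
        // never runs, and nothing is sent over the unprotected session.
        connection.SessionOptions.StartTransportLayerSecurity(null);
        scope._started = true;
        return scope;
    }

    public void Dispose()
    {
        if (!_started) return;   // TLS never started, or already stopped
        _started = false;
        try
        {
            _connection.SessionOptions.StopTransportLayerSecurity();
        }
        catch (TlsOperationException)
        {
            // Teardown failed; the caller disposes the connection next anyway.
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample host; point this at a real directory server.
        var server = new LdapDirectoryIdentifier("ldap.example.test", 389);
        using (var connection = new LdapConnection(server))
        using (StartTlsScope.Begin(connection))
        {
            connection.Bind(); // credentials go out only after TLS is up
        }
    }
}
```

Because the scope is disposed before the connection, the stop call always runs against a live `LdapConnection`, and a failed start surfaces as the original exception rather than being masked by a second one from the stop call.
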
@dotnet-issue-labeler

I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label.

@joperezr joperezr added enhancement Product code improvement that does NOT require public API changes/additions and removed untriaged New issue has not been triaged by the area owner labels May 13, 2021
@joperezr joperezr added this to the Future milestone May 13, 2021
@ghost ghost added the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label May 13, 2021
@joperezr joperezr removed the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label May 13, 2021
@AnthonyMastrean
Author

A related issue #54274 discusses adding some of the same state tracking I was thinking about.

@ghost ghost added the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label Jul 7, 2021
@buyaa-n buyaa-n removed the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label Jul 8, 2021