From a36fb055753f3958c2243f7a9285ab44aaa69da2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Pablo=20Villaf=C3=A1=C3=B1ez?=
 <jvillafanez@solidgeargroup.com>
Date: Wed, 12 Feb 2020 13:46:26 +0100
Subject: [PATCH] Include operation timeout to prevent getting stuck if TLS
 connection cannot be verified because of missing CA certificate

---
 lib/Connection.php | 1 +
 lib/Wizard.php     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/lib/Connection.php b/lib/Connection.php
index 53e22cc2c..4259236a5 100644
--- a/lib/Connection.php
+++ b/lib/Connection.php
@@ -598,6 +598,7 @@ private function doConnect($host, $port) {
 		}
 		// Set network timeout threshold to avoid long delays when ldap server cannot be resolved
 		$this->getLDAP()->setOption($this->ldapConnectionRes, LDAP_OPT_NETWORK_TIMEOUT, \intval($this->configuration->ldapNetworkTimeout));
+		$this->getLDAP()->setOption($this->ldapConnectionRes, LDAP_OPT_TIMEOUT, \intval($this->configuration->ldapNetworkTimeout));
 		if (!$this->getLDAP()->isResource($this->ldapConnectionRes)) {
 			$this->ldapConnectionRes = null; // to indicate it really is not set, connect() might have set it to false
 			throw new ServerNotAvailableException("Connect to $host:$port failed");
diff --git a/lib/Wizard.php b/lib/Wizard.php
index c22de9b36..40ca9c108 100644
--- a/lib/Wizard.php
+++ b/lib/Wizard.php
@@ -1176,6 +1176,7 @@ private function getConnection() {
 		$this->getLDAP()->setOption($cr, LDAP_OPT_PROTOCOL_VERSION, 3);
 		$this->getLDAP()->setOption($cr, LDAP_OPT_REFERRALS, 0);
 		$this->getLDAP()->setOption($cr, LDAP_OPT_NETWORK_TIMEOUT, self::LDAP_NW_TIMEOUT);
+		$this->getLDAP()->setOption($cr, LDAP_OPT_TIMEOUT, self::LDAP_NW_TIMEOUT);
 		if ($this->configuration->ldapTLS) {
 			$this->getLDAP()->startTls($cr);
 		}