ASF Bugzilla – Attachment 25855 Details for
Bug 49717
PATCH: Enable SSL Timeout
[patch]
2.0 branch
ssl_timeout-2.0.x.diff (text/plain), 4.92 KB, created by
Andrew C. Oliver
on 2010-08-06 12:18:56 UTC
Description:
2.0 branch
Filename:
MIME Type:
Creator:
Andrew C. Oliver
Created:
2010-08-06 12:18:56 UTC
Size:
4.92 KB
>Index: server/core.c
>===================================================================
>--- server/core.c (revision 960078)
>+++ server/core.c (working copy)
>@@ -4504,6 +4504,7 @@
> {
> core_net_rec *net = apr_palloc(c->pool, sizeof(*net));
> apr_status_t rv;
>+ apr_interval_time_t old_time;
>
> #ifdef AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK
> /* BillS says perhaps this should be moved to the MPMs. Some OSes
>@@ -4533,14 +4534,27 @@
> * is not initialized correctly, Linux - for example - will
> * be initially blocking, while Solaris will be non blocking
> * and any initial read will fail.
>+ *
>+ * If this timeout has already been set, don't set it again.
>+ * This prevents overwriting of other modules' timeout options.
>+ *
> */
>- rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>- if (rv != APR_SUCCESS) {
>- /* expected cause is that the client disconnected already */
>+ rv = apr_socket_timeout_get(csd, &old_time);
>+ if(rv != APR_SUCCESS) {
>+ /* not sure why this would fail */
> ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>- "apr_socket_timeout_set");
>+ "apr_socket_timeout_get");
> }
>
>+ if(old_time == apr_time_from_sec(0)) {
>+ rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>+ if (rv != APR_SUCCESS) {
>+ /* expected cause is that the client disconnected already */
>+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+ "apr_socket_timeout_set");
>+ }
>+ }
>+
> net->c = c;
> net->in_ctx = NULL;
> net->out_ctx = NULL;
>Index: modules/ssl/ssl_engine_config.c
>===================================================================
>--- modules/ssl/ssl_engine_config.c (revision 960078)
>+++ modules/ssl/ssl_engine_config.c (working copy)
>@@ -176,7 +176,8 @@
> sc->vhost_id = NULL; /* set during module init */
> sc->vhost_id_len = 0; /* set during module init */
> sc->session_cache_timeout = UNSET;
>-
>+ sc->timeout = 0;
>+
> modssl_ctx_init_proxy(sc, p);
>
> modssl_ctx_init_server(sc, p);
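Review bot: `old_time` is read in `if(old_time == apr_time_from_sec(0))` even when `apr_socket_timeout_get` has just failed, and the previous hunk declares it without an initializer, so on that path the comparison uses an indeterminate value and the server `Timeout` may never be applied to the socket. A connection left without the configured I/O timeout can hold a worker far longer than the administrator intended. Treat a failed get as "not set", for example `if (rv != APR_SUCCESS || old_time == 0) {`, or initialise with `apr_interval_time_t old_time = 0;`. Using 0 as the "nobody set a timeout yet" sentinel presumably depends on what timeout an accepted socket starts with on each platform; a short comment stating that assumption would help. The enclosing function starts and ends outside the hunk.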
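Review bot: `sc->timeout = 0;` initialises the new field to 0 while the field above it uses `UNSET`, and the later hunk at -260 merges it with `cfgMergeInt(timeout)`. If `cfgMergeInt` tests against `UNSET`, as its use for `session_cache_timeout` suggests (the macro is not shown here), a virtual host that does not set SSLTimeout contributes 0, which is not UNSET, and so overrides a value configured at the global level. Either initialise with `sc->timeout = UNSET;` and have the consumer treat UNSET as "no SSL-specific timeout", or merge with a comparison against 0. Both enclosing functions start and end outside their hunks.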
>@@ -260,7 +261,8 @@
> cfgMergeBool(enabled);
> cfgMergeBool(proxy_enabled);
> cfgMergeInt(session_cache_timeout);
>-
>+ cfgMergeInt(timeout);
>+
> modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
>
> modssl_ctx_cfg_merge_server(base->server, add->server, mrg->server);
>@@ -333,6 +335,15 @@
> * Configuration functions for particular directives
> */
>
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
>+ void *dcfg,
>+ const char *arg)
>+{
>+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>+ sc->timeout = apr_time_from_sec(atoi(arg));
>+ return NULL;
>+}
>+
> const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
> void *dcfg,
> const char *arg)
>Index: modules/ssl/mod_ssl.c
>===================================================================
>--- modules/ssl/mod_ssl.c (revision 960078)
>+++ modules/ssl/mod_ssl.c (working copy)
>@@ -136,6 +136,9 @@
> "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
> SSL_CMD_ALL(UserName, TAKE1,
> "Set user name to SSL variable value")
>+ SSL_CMD_SRV(Timeout, TAKE1,
>+ "SSL connection lifetime "
>+ "(`N' - number of seconds)")
>
> /*
> * Proxy configuration for remote SSL connections
>@@ -276,6 +279,7 @@
> SSLConnRec *sslconn = myConnConfig(c);
> char *vhost_md5;
> modssl_ctx_t *mctx;
>+ apr_status_t rv;
>
> /*
> * Immediately stop processing if SSL is disabled for this connection
>@@ -330,6 +334,14 @@
> return DECLINED; /* XXX */
> }
>
>+ /* Set the SSL connection timeout. */
>+ rv = apr_socket_timeout_set(csd, sc->timeout);
>+ if(rv != APR_SUCCESS) {
>+ /* expected cause is that the client disconnected already */
>+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+ "Unable to set timeout on SSL socket");
>+ }
>+
> vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id,
> sc->vhost_id_len);
>
>Index: modules/ssl/mod_ssl.h
>===================================================================
>--- modules/ssl/mod_ssl.h (revision 960078)
>+++ modules/ssl/mod_ssl.h (working copy)
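Review bot: `atoi(arg)` in `ssl_cmd_SSLTimeout` accepts anything: non-numeric text silently becomes 0, a negative number is stored as a negative interval (which APR treats as "block indefinitely" once it reaches `apr_socket_timeout_set`), and out-of-range input has undefined behaviour. The handler should parse with `strtol`, reject trailing garbage, negative and out-of-range values, and return an error string so that a typo fails at configuration time instead of quietly removing the timeout. The sketch below needs `<errno.h>` and `<limits.h>` in the file. Whether 0 should be accepted depends on whether 0 is meant to stay the "not configured" value.

```c
const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
                               void *dcfg,
                               const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end;
    long secs;

    errno = 0;
    secs = strtol(arg, &end, 10);
    /* Reject empty input, trailing characters, overflow and negatives. */
    if (end == arg || *end != '\0' || errno == ERANGE
        || secs < 0 || secs > INT_MAX) {
        return "SSLTimeout: Invalid argument";
    }

    sc->timeout = apr_time_from_sec(secs);
    return NULL;
}
```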
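Review bot: The help text `"SSL connection lifetime "` describes something other than what the directive does. The value is handed to `apr_socket_timeout_set` in the -330 hunk, which bounds how long a single socket read or write may block, not the total life of the connection. An administrator reading "lifetime" could assume that idle or long-lived TLS connections are capped. Suggest `"I/O timeout for SSL connections "` with the same `"(`N' - number of seconds)"` tail.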
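Review bot: `apr_socket_timeout_set(csd, sc->timeout)` runs for every SSL connection, including when SSLTimeout was never configured and `sc->timeout` is still 0, which puts the socket at a zero timeout and relies on the core.c change in this patch running afterwards to restore the server `Timeout`. The ordering of the two pre-connection hooks is not visible here, so the dependency should either be stated in the comment or avoided by overriding only when a value was set, with `if (sc->timeout > 0) {` around the call. The enclosing function starts and ends outside the hunk.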
>@@ -498,6 +498,7 @@
> int session_cache_timeout;
> modssl_ctx_t *server;
> modssl_ctx_t *proxy;
>+ apr_interval_time_t timeout;
> };
>
> /*
>@@ -571,6 +572,7 @@
> const char *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
> const char *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
> const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
>+const char *ssl_cmd_SSLTimeout(cmd_parms *, void *, const char *);
>
> /* module initialization */
> int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
Attachments on
bug 49717
: 25855 |
25856
|
25857