Attachment 25855 Details for Bug 49717 – 2.0 branch

[patch] 2.0 branch

ssl_timeout-2.0.x.diff (text/plain), 4.92 KB, created by Andrew C. Oliver on 2010-08-06 12:18:56 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew C. Oliver

Created: 2010-08-06 12:18:56 UTC

Size: 4.92 KB

patch

obsolete

>Index: server/core.c
>===================================================================
>--- server/core.c	(revision 960078)
>+++ server/core.c	(working copy)
>@@ -4504,6 +4504,7 @@
> {
>     core_net_rec *net = apr_palloc(c->pool, sizeof(*net));
>     apr_status_t rv;
>+    apr_interval_time_t old_time;
> 
> #ifdef AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK
>     /* BillS says perhaps this should be moved to the MPMs. Some OSes
>@@ -4533,14 +4534,27 @@
>      * is not initialized correctly, Linux - for example - will
>      * be initially blocking, while Solaris will be non blocking
>      * and any initial read will fail.
>+     *
>+     * If this timeout has already been set, don't set it again.
>+     * This prevents overwriting of other modules' timeout options.
>+     *
>      */
>-    rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>-    if (rv != APR_SUCCESS) {
>-        /* expected cause is that the client disconnected already */
>+    rv = apr_socket_timeout_get(csd, &old_time);
>+    if(rv != APR_SUCCESS) {
>+        /* not sure why this would fail */
>         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>-                     "apr_socket_timeout_set");
>+                      "apr_socket_timeout_get");
>     }
> 
>+    if(old_time == apr_time_from_sec(0)) {
>+        rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>+        if (rv != APR_SUCCESS) {
>+            /* expected cause is that the client disconnected already */
>+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+                          "apr_socket_timeout_set");
>+        }
>+    }
>+
>     net->c = c;
>     net->in_ctx = NULL;
>     net->out_ctx = NULL;
>Index: modules/ssl/ssl_engine_config.c
>===================================================================
>--- modules/ssl/ssl_engine_config.c	(revision 960078)
>+++ modules/ssl/ssl_engine_config.c	(working copy)
>@@ -176,7 +176,8 @@
>     sc->vhost_id               = NULL;  /* set during module init */
>     sc->vhost_id_len           = 0;     /* set during module init */
>     sc->session_cache_timeout  = UNSET;
>-
>+    sc->timeout                = 0;
>+    
>     modssl_ctx_init_proxy(sc, p);
> 
>     modssl_ctx_init_server(sc, p);
>@@ -260,7 +261,8 @@
>     cfgMergeBool(enabled);
>     cfgMergeBool(proxy_enabled);
>     cfgMergeInt(session_cache_timeout);
>-
>+    cfgMergeInt(timeout);
>+    
>     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
> 
>     modssl_ctx_cfg_merge_server(base->server, add->server, mrg->server);
>@@ -333,6 +335,15 @@
>  *  Configuration functions for particular directives
>  */
> 
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
>+                             void *dcfg,
>+                             const char *arg)
>+{
>+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>+    sc->timeout = apr_time_from_sec(atoi(arg));
>+    return NULL;
>+}
>+
> const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
>                              void *dcfg,
>                              const char *arg)
>Index: modules/ssl/mod_ssl.c
>===================================================================
>--- modules/ssl/mod_ssl.c	(revision 960078)
>+++ modules/ssl/mod_ssl.c	(working copy)
>@@ -136,6 +136,9 @@
>                 "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
>     SSL_CMD_ALL(UserName, TAKE1,
> 		"Set user name to SSL variable value")
>+    SSL_CMD_SRV(Timeout, TAKE1,
>+                "SSL connection lifetime "
>+                "(`N' - number of seconds)")
> 
>     /* 
>      * Proxy configuration for remote SSL connections
>@@ -276,6 +279,7 @@
>     SSLConnRec *sslconn = myConnConfig(c);
>     char *vhost_md5;
>     modssl_ctx_t *mctx;
>+    apr_status_t rv;
> 
>     /*
>      * Immediately stop processing if SSL is disabled for this connection
>@@ -330,6 +334,14 @@
>         return DECLINED; /* XXX */
>     }
> 
>+    /* Set the SSL connection timeout. */
>+    rv = apr_socket_timeout_set(csd, sc->timeout);
>+    if(rv != APR_SUCCESS) {
>+        /* expected cause is that the client disconnected already */
>+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+                      "Unable to set timeout on SSL socket");
>+    }
>+
>     vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id,
>                               sc->vhost_id_len);
> 
>Index: modules/ssl/mod_ssl.h
>===================================================================
>--- modules/ssl/mod_ssl.h	(revision 960078)
>+++ modules/ssl/mod_ssl.h	(working copy)
>@@ -498,6 +498,7 @@
>     int              session_cache_timeout;
>     modssl_ctx_t    *server;
>     modssl_ctx_t    *proxy;
>+    apr_interval_time_t timeout;
> };
> 
> /*
>@@ -571,6 +572,7 @@
> const char  *ssl_cmd_SSLProxyCARevocationFile(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLProxyMachineCertificatePath(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
>+const char  *ssl_cmd_SSLTimeout(cmd_parms *, void *, const char *);
> 
> /*  module initialization  */
> int          ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);

Actions: View | Diff

Attachments on bug 49717: 25855 | 25856 | 25857