Attachment 25856 Details for Bug 49717 – 2.2 branch

[patch] 2.2 branch

ssl_timeout-2.2.x.diff (text/plain), 5.16 KB, created by Andrew C. Oliver on 2010-08-06 12:19:44 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew C. Oliver

Created: 2010-08-06 12:19:44 UTC

Size: 5.16 KB

patch

obsolete

>Index: server/core.c
>===================================================================
>--- server/core.c	(revision 959695)
>+++ server/core.c	(working copy)
>@@ -3956,14 +3956,28 @@
>      * is not initialized correctly, Linux - for example - will
>      * be initially blocking, while Solaris will be non blocking
>      * and any initial read will fail.
>+     *
>+     * If this timeout has already been set, don't set it again.
>+     * This prevents overwriting of other modules' timeout options.
>+     *
>      */
>-    rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>-    if (rv != APR_SUCCESS) {
>-        /* expected cause is that the client disconnected already */
>+    
>+    rv = apr_socket_timeout_get(csd, &old_time);
>+    if(rv != APR_SUCCESS) {
>+        /* not sure why this would fail */
>         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>-                      "apr_socket_timeout_set");
>+                      "apr_socket_timeout_get");
>     }
> 
>+    if(old_time == apr_time_from_sec(0)) {
>+        rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>+        if (rv != APR_SUCCESS) {
>+            /* expected cause is that the client disconnected already */
>+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+                          "apr_socket_timeout_set");
>+        }
>+    }
>+
>     net->c = c;
>     net->in_ctx = NULL;
>     net->out_ctx = NULL;
>Index: modules/ssl/ssl_private.h
>===================================================================
>--- modules/ssl/ssl_private.h	(revision 959695)
>+++ modules/ssl/ssl_private.h	(working copy)
>@@ -476,6 +476,7 @@
>     modssl_ctx_t    *proxy;
>     ssl_enabled_t    proxy_ssl_check_peer_expire;
>     ssl_enabled_t    proxy_ssl_check_peer_cn;
>+    apr_interval_time_t timeout;
> #ifndef OPENSSL_NO_TLSEXT
>     ssl_enabled_t    strict_sni_vhost_check;
> #endif
>@@ -561,6 +562,7 @@
> const char  *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLProxyCheckPeerExpire(cmd_parms *cmd, void *dcfg, int flag);
> const char  *ssl_cmd_SSLProxyCheckPeerCN(cmd_parms *cmd, void *dcfg, int flag);
>+const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
> 
> /**  module initialization  */
> int          ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
>Index: modules/ssl/ssl_engine_config.c
>===================================================================
>--- modules/ssl/ssl_engine_config.c	(revision 959695)
>+++ modules/ssl/ssl_engine_config.c	(working copy)
>@@ -168,6 +168,7 @@
>     sc->vhost_id               = NULL;  /* set during module init */
>     sc->vhost_id_len           = 0;     /* set during module init */
>     sc->session_cache_timeout  = UNSET;
>+    sc->timeout                = 0;
>     sc->cipher_server_pref     = UNSET;
>     sc->insecure_reneg         = UNSET;
>     sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
>@@ -262,6 +263,7 @@
>     cfgMerge(enabled, SSL_ENABLED_UNSET);
>     cfgMergeBool(proxy_enabled);
>     cfgMergeInt(session_cache_timeout);
>+    cfgMergeInt(timeout);
>     cfgMergeBool(cipher_server_pref);
>     cfgMergeBool(insecure_reneg);
>     cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
>@@ -346,6 +348,15 @@
>  *  Configuration functions for particular directives
>  */
> 
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
>+                             void *dcfg,
>+                             const char *arg)
>+{
>+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>+    sc->timeout = apr_time_from_sec(atoi(arg));
>+    return NULL;
>+}
>+
> const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
>                              void *dcfg,
>                              const char *arg_)
>Index: modules/ssl/mod_ssl.c
>===================================================================
>--- modules/ssl/mod_ssl.c	(revision 959695)
>+++ modules/ssl/mod_ssl.c	(working copy)
>@@ -149,6 +149,9 @@
>                 "Set user name to SSL variable value")
>     SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
>                 "Strict SNI virtual host checking")
>+    SSL_CMD_SRV(Timeout, TAKE1,
>+                "SSL connection lifetime "
>+                "(`N' - number of seconds)")
> 
>     /*
>      * Proxy configuration for remote SSL connections
>@@ -366,7 +369,7 @@
>     char *vhost_md5;
>     modssl_ctx_t *mctx;
>     server_rec *server;
>-
>+    
>     if (!sslconn) {
>         sslconn = ssl_init_connection_ctx(c);
>     }
>@@ -395,7 +398,7 @@
> 
>         return DECLINED; /* XXX */
>     }
>-
>+    
>     vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id,
>                               sc->vhost_id_len);
> 
>@@ -455,7 +458,8 @@
> {
>     SSLSrvConfigRec *sc;
>     SSLConnRec *sslconn = myConnConfig(c);
>-
>+    apr_status_t tv;
>+    
>     if (sslconn) {
>         sc = mySrvConfig(sslconn->server);
>     }
>@@ -482,6 +486,14 @@
>         return DECLINED;
>     }
> 
>+    /* Set the SSL connection timeout. */
>+    rv = apr_socket_timeout_set(csd, sc->timeout);
>+    if(rv != APR_SUCCESS) {
>+      /* expected cause is that the client disconnected already */
>+      ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+                    "Unable to set timeout on SSL socket");
>+    }
>+    
>     /*
>      * Remember the connection information for
>      * later access inside callback functions

Actions: View | Diff

Attachments on bug 49717: 25855 | 25856 | 25857