ASF Bugzilla – Attachment 25856 Details for
Bug 49717
PATCH: Enable SSL Timeout
[patch]
2.2 branch
ssl_timeout-2.2.x.diff (text/plain), 5.16 KB, created by
Andrew C. Oliver
on 2010-08-06 12:19:44 UTC
Description:
2.2 branch
Filename:
MIME Type:
Creator:
Andrew C. Oliver
Created:
2010-08-06 12:19:44 UTC
Size:
5.16 KB
patch
obsolete
>Index: server/core.c
>===================================================================
>--- server/core.c (revision 959695)
>+++ server/core.c (working copy)
>@@ -3956,14 +3956,28 @@
> * is not initialized correctly, Linux - for example - will
> * be initially blocking, while Solaris will be non blocking
> * and any initial read will fail.
>+ *
>+ * If this timeout has already been set, don't set it again.
>+ * This prevents overwriting of other modules' timeout options.
>+ *
> */
>- rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>- if (rv != APR_SUCCESS) {
>- /* expected cause is that the client disconnected already */
>+
>+ rv = apr_socket_timeout_get(csd, &old_time);
>+ if(rv != APR_SUCCESS) {
>+ /* not sure why this would fail */
> ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>- "apr_socket_timeout_set");
>+ "apr_socket_timeout_get");
> }
>
>+ if(old_time == apr_time_from_sec(0)) {
>+ rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>+ if (rv != APR_SUCCESS) {
>+ /* expected cause is that the client disconnected already */
>+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+ "apr_socket_timeout_set");
>+ }
>+ }
>+
> net->c = c;
> net->in_ctx = NULL;
> net->out_ctx = NULL;
>Index: modules/ssl/ssl_private.h
>===================================================================
>--- modules/ssl/ssl_private.h (revision 959695)
>+++ modules/ssl/ssl_private.h (working copy)
>@@ -476,6 +476,7 @@
> modssl_ctx_t *proxy;
> ssl_enabled_t proxy_ssl_check_peer_expire;
> ssl_enabled_t proxy_ssl_check_peer_cn;
>+ apr_interval_time_t timeout;
> #ifndef OPENSSL_NO_TLSEXT
> ssl_enabled_t strict_sni_vhost_check;
> #endif
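Review bot: In the server/core.c hunk, `old_time` is tested by `if(old_time == apr_time_from_sec(0))` even when `apr_socket_timeout_get` has just failed, so the decision can rest on a value that was never written; its declaration is outside the hunk, so either initialise it there or skip the comparison on failure. A timeout of 0 is also a real APR setting (non-blocking) rather than an "unset" marker, and a blocking socket reports a negative timeout, so on platforms where the accepted socket starts out blocking (the comment above names Linux) the server `Timeout` would apparently never be applied and an idle client could hold the connection indefinitely. It would be safer for the module that installs its own timeout to record that fact explicitly (for example in its per-connection config) and for core to test that record instead of inferring it from the socket value. The enclosing function starts and ends outside the hunk.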
>@@ -561,6 +562,7 @@
> const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *);
> const char *ssl_cmd_SSLProxyCheckPeerExpire(cmd_parms *cmd, void *dcfg, int flag);
> const char *ssl_cmd_SSLProxyCheckPeerCN(cmd_parms *cmd, void *dcfg, int flag);
>+const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
>
> /** module initialization */
> int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *);
>Index: modules/ssl/ssl_engine_config.c
>===================================================================
>--- modules/ssl/ssl_engine_config.c (revision 959695)
>+++ modules/ssl/ssl_engine_config.c (working copy)
>@@ -168,6 +168,7 @@
> sc->vhost_id = NULL; /* set during module init */
> sc->vhost_id_len = 0; /* set during module init */
> sc->session_cache_timeout = UNSET;
>+ sc->timeout = 0;
> sc->cipher_server_pref = UNSET;
> sc->insecure_reneg = UNSET;
> sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
>@@ -262,6 +263,7 @@
> cfgMerge(enabled, SSL_ENABLED_UNSET);
> cfgMergeBool(proxy_enabled);
> cfgMergeInt(session_cache_timeout);
>+ cfgMergeInt(timeout);
> cfgMergeBool(cipher_server_pref);
> cfgMergeBool(insecure_reneg);
> cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
>@@ -346,6 +348,15 @@
> * Configuration functions for particular directives
> */
>
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
>+ void *dcfg,
>+ const char *arg)
>+{
>+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>+ sc->timeout = apr_time_from_sec(atoi(arg));
>+ return NULL;
>+}
>+
> const char *ssl_cmd_SSLMutex(cmd_parms *cmd,
> void *dcfg,
> const char *arg_)
>Index: modules/ssl/mod_ssl.c
>===================================================================
>--- modules/ssl/mod_ssl.c (revision 959695)
>+++ modules/ssl/mod_ssl.c (working copy)
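Review bot: The prototype added in the ssl_private.h hunk at -561 is `ssl_cmd_SSLProxyProtocol`, but the handler this patch defines in ssl_engine_config.c and registers with `SSL_CMD_SRV(Timeout, TAKE1, ...)` is `ssl_cmd_SSLTimeout`, which is declared in none of the visible hunks. Unless a declaration exists outside the diff, mod_ssl.c would reference an undeclared function while an unrelated prototype is introduced. The added line should presumably read `const char *ssl_cmd_SSLTimeout(cmd_parms *, void *, const char *);`.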
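Review bot: `sc->timeout = 0;` in the ssl_engine_config.c hunk at -168 makes 0 the "not configured" value although the neighbouring fields start at `UNSET`, and the merge hunk at -262 then passes the field to `cfgMergeInt`, which presumably treats only `UNSET` as absent. If that is the case, a virtual host without SSLTimeout would replace the value inherited from the base server with 0, and 0 is later handed to `apr_socket_timeout_set`, where it selects non-blocking mode instead of a limit. Initialise with `sc->timeout = UNSET;` and have the consumer skip the call while the value is still `UNSET`. Both the create and the merge function continue outside their hunks.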
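Review bot: `ssl_cmd_SSLTimeout` (hunk at -346) converts the directive argument with `atoi(arg)` and always returns NULL, so a non-numeric value silently becomes 0 and a negative value is stored as a negative timeout; both change the socket's blocking behaviour instead of bounding it, and the administrator gets no error. Parse the argument with `strtol`, reject trailing characters, out-of-range and non-positive values, and return a message so that the configuration fails to load. The upper bound in the sketch keeps `apr_time_from_sec` from overflowing when seconds are scaled to microseconds.

```c
const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
                               void *dcfg,
                               const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end;
    long secs;

    errno = 0;
    secs = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE
        || secs <= 0 || secs > INT_MAX) {
        return "SSLTimeout: argument must be a positive number of seconds";
    }

    sc->timeout = apr_time_from_sec(secs);
    return NULL;
}
```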
>@@ -149,6 +149,9 @@
> "Set user name to SSL variable value")
> SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
> "Strict SNI virtual host checking")
>+ SSL_CMD_SRV(Timeout, TAKE1,
>+ "SSL connection lifetime "
>+ "(`N' - number of seconds)")
>
> /*
> * Proxy configuration for remote SSL connections
>@@ -366,7 +369,7 @@
> char *vhost_md5;
> modssl_ctx_t *mctx;
> server_rec *server;
>-
>+
> if (!sslconn) {
> sslconn = ssl_init_connection_ctx(c);
> }
>@@ -395,7 +398,7 @@
>
> return DECLINED; /* XXX */
> }
>-
>+
> vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id,
> sc->vhost_id_len);
>
>@@ -455,7 +458,8 @@
> {
> SSLSrvConfigRec *sc;
> SSLConnRec *sslconn = myConnConfig(c);
>-
>+ apr_status_t tv;
>+
> if (sslconn) {
> sc = mySrvConfig(sslconn->server);
> }
>@@ -482,6 +486,14 @@
> return DECLINED;
> }
>
>+ /* Set the SSL connection timeout. */
>+ rv = apr_socket_timeout_set(csd, sc->timeout);
>+ if(rv != APR_SUCCESS) {
>+ /* expected cause is that the client disconnected already */
>+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+ "Unable to set timeout on SSL socket");
>+ }
>+
> /*
> * Remember the connection information for
> * later access inside callback functions
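Review bot: The block added in the mod_ssl.c hunk at -482 calls `apr_socket_timeout_set(csd, sc->timeout)` unconditionally, so when SSLTimeout is not configured the socket receives the default of 0 and is switched to non-blocking mode instead of keeping the server-wide timeout. The block also assigns to `rv`, while the declaration added in the -455 hunk (apparently the same function) is `apr_status_t tv;`; unless `rv` is declared outside the visible lines, this does not compile. Declare `apr_status_t rv;` and guard the call, for example `if (sc->timeout > 0) {`. The function body extends beyond both hunks.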
Attachments on
bug 49717
:
25855
| 25856 |
25857