Index: server/core.c =================================================================== --- server/core.c (revision 959696) +++ server/core.c (working copy) @@ -3983,14 +3983,27 @@ * is not initialized correctly, Linux - for example - will * be initially blocking, while Solaris will be non blocking * and any initial read will fail. + * + * If this timeout has already been set, don't set it again. + * This prevents overwriting of other modules' timeout options. + * */ - rv = apr_socket_timeout_set(csd, c->base_server->timeout); - if (rv != APR_SUCCESS) { - /* expected cause is that the client disconnected already */ + rv = apr_socket_timeout_get(csd, &old_time); + if(rv != APR_SUCCESS) { + /* not sure why this would fail */ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, - "apr_socket_timeout_set"); + "apr_socket_timeout_get"); } + if(old_time == apr_time_from_sec(0)) { + rv = apr_socket_timeout_set(csd, c->base_server->timeout); + if (rv != APR_SUCCESS) { + /* expected cause is that the client disconnected already */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, + "apr_socket_timeout_set"); + } + } + net->c = c; net->in_ctx = NULL; net->out_ctx = NULL; Index: modules/ssl/ssl_private.h =================================================================== --- modules/ssl/ssl_private.h (revision 959696) +++ modules/ssl/ssl_private.h (working copy) @@ -502,6 +502,7 @@ modssl_ctx_t *proxy; ssl_enabled_t proxy_ssl_check_peer_expire; ssl_enabled_t proxy_ssl_check_peer_cn; + apr_interval_time_t timeout; #ifndef OPENSSL_NO_TLSEXT ssl_enabled_t strict_sni_vhost_check; #endif 
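Review bot: `old_time` is read in `if(old_time == apr_time_from_sec(0))` even when `apr_socket_timeout_get` has just failed, so the decision to apply the server timeout can rest on a value that was never written (its declaration is outside the hunk). The test also treats 0 as "no timeout has been set", but to APR 0 is a real setting (never block) and a negative value means block indefinitely. If a freshly accepted socket reports a negative timeout, as I believe APR's accept path does, plain connections would never receive `c->base_server->timeout` and a stalled client could hold a worker without limit. Consider folding both cases into one condition, `if (rv != APR_SUCCESS || old_time <= 0) {`, and confirm what a new socket returns on the supported platforms. The enclosing function starts and ends outside the hunk.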
@@ -573,6 +574,7 @@ const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg); const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag); const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag); +const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, void *dcfg, int flag); const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag); const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *); Index: modules/ssl/ssl_engine_config.c =================================================================== --- modules/ssl/ssl_engine_config.c (revision 959696) +++ modules/ssl/ssl_engine_config.c (working copy) @@ -188,6 +188,7 @@ sc->insecure_reneg = UNSET; sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET; sc->proxy_ssl_check_peer_cn = SSL_ENABLED_UNSET; + sc->timeout = 0; #ifndef OPENSSL_NO_TLSEXT sc->strict_sni_vhost_check = SSL_ENABLED_UNSET; #endif @@ -296,6 +297,7 @@ cfgMerge(enabled, SSL_ENABLED_UNSET); cfgMergeBool(proxy_enabled); cfgMergeInt(session_cache_timeout); + cfgMergeInt(timeout); cfgMergeBool(cipher_server_pref); cfgMergeBool(insecure_reneg); cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET); @@ -383,6 +385,15 @@ * Configuration functions for particular directives */ +const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, + void *dcfg, + const char *arg) +{ + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + sc->timeout = apr_time_from_sec(atoi(arg)); + return NULL; +} + const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg) Index: modules/ssl/mod_ssl.c =================================================================== --- modules/ssl/mod_ssl.c (revision 959696) +++ modules/ssl/mod_ssl.c (working copy) 
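Review bot: The new prototype declares the third parameter as `int flag`, but the definition added in ssl_engine_config.c takes `const char *arg` and the directive is registered as `TAKE1` in mod_ssl.c. A translation unit that sees both the header and the definition will fail on conflicting types. The declaration should read `const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, void *dcfg, const char *arg);`.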
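Review bot: `sc->timeout = 0` uses 0 as the "not configured" value, while the neighbouring fields in this initialiser use `UNSET` or `SSL_ENABLED_UNSET`, and the merge hunk that follows (`cfgMergeInt(timeout)`) goes through the generic integer merge. If that macro compares against `UNSET`, as it appears to for the other integer fields, a virtual host that never mentions SSLTimeout contributes its 0 and overrides a value configured on the base server, so the connection ends up without the intended timeout. Initialise with `sc->timeout = UNSET;` and treat `UNSET` as "not configured" wherever the value is consumed.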
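Review bot: `atoi(arg)` in `ssl_cmd_SSLTimeout` accepts anything: a typo or non-numeric value silently becomes 0, and a negative number is stored as a negative interval, which APR treats as "block indefinitely". A misconfigured SSLTimeout therefore quietly removes the bound on stalled clients instead of failing at startup. Parse with `strtol`, reject trailing characters, non-positive values and values that would overflow the microsecond conversion, and return an error string so the configuration check reports it. The function is fully contained in the hunk.

```c
const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, void *dcfg, const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end = NULL;
    long secs;

    errno = 0;
    secs = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE
        || secs <= 0 || secs > APR_INT64_MAX / APR_USEC_PER_SEC) {
        return "SSLTimeout: value must be a positive number of seconds";
    }
    sc->timeout = apr_time_from_sec(secs);
    return NULL;
}
```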
@@ -132,6 +132,9 @@ "Set user name to SSL variable value") SSL_CMD_SRV(StrictSNIVHostCheck, FLAG, "Strict SNI virtual host checking") + SSL_CMD_SRV(Timeout, TAKE1, + "SSL connection lifetime " + "(`N' - number of seconds)") /* * Proxy configuration for remote SSL connections @@ -510,6 +513,14 @@ return DECLINED; } + /* Set the SSL connection timeout. */ + rv = apr_socket_timeout_set(csd, sc->timeout); + if(rv != APR_SUCCESS) { + /* expected cause is that the client disconnected already */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, + "Unable to set timeout on SSL socket"); + } + /* * Remember the connection information for * later access inside callback functions
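Review bot: The help text calls the value an "SSL connection lifetime", but the hunk that follows hands it to `apr_socket_timeout_set`, which bounds each blocking read or write rather than the total life of the connection. An administrator relying on the directive to cap how long a client may hold a connection would be misled. Wording the first string as `"Socket I/O timeout for SSL connections "` and keeping the existing seconds hint would describe what is actually enforced.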
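Review bot: `apr_socket_timeout_set(csd, sc->timeout)` runs for every SSL connection, including when SSLTimeout was never configured and `sc->timeout` still holds its initial 0, which asks APR for a non-blocking socket. The result then depends on the core.c change seeing that 0 and replacing it, so correct behaviour rests on hook ordering that the patch does not show. Guard the call with `if (sc->timeout > 0) {` so an unconfigured directive leaves the socket for the core to set. Neither `csd` nor `rv` is declared in the visible lines, and the function continues outside the hunk.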