ASF Bugzilla – Attachment 25857 Details for
Bug 49717
PATCH: Enable SSL Timeout
[patch]
2.3 (trunk) branch
ssl_timeout-trunk.diff (text/plain), 4.59 KB, created by
Andrew C. Oliver
on 2010-08-06 12:20:33 UTC
Description:
2.3 (trunk) branch
Filename:
MIME Type:
Creator:
Andrew C. Oliver
Created:
2010-08-06 12:20:33 UTC
Size:
4.59 KB
patch
obsolete
>Index: server/core.c
>===================================================================
>--- server/core.c (revision 959696)
>+++ server/core.c (working copy)
>@@ -3983,14 +3983,27 @@
> * is not initialized correctly, Linux - for example - will
> * be initially blocking, while Solaris will be non blocking
> * and any initial read will fail.
>+ *
>+ * If this timeout has already been set, don't set it again.
>+ * This prevents overwriting of other modules' timeout options.
>+ *
> */
>- rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>- if (rv != APR_SUCCESS) {
>- /* expected cause is that the client disconnected already */
>+ rv = apr_socket_timeout_get(csd, &old_time);
>+ if(rv != APR_SUCCESS) {
>+ /* not sure why this would fail */
> ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>- "apr_socket_timeout_set");
>+ "apr_socket_timeout_get");
> }
>
>+ if(old_time == apr_time_from_sec(0)) {
>+ rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>+ if (rv != APR_SUCCESS) {
>+ /* expected cause is that the client disconnected already */
>+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+ "apr_socket_timeout_set");
>+ }
>+ }
>+
> net->c = c;
> net->in_ctx = NULL;
> net->out_ctx = NULL;
>Index: modules/ssl/ssl_private.h
>===================================================================
>--- modules/ssl/ssl_private.h (revision 959696)
>+++ modules/ssl/ssl_private.h (working copy)
>@@ -502,6 +502,7 @@
> modssl_ctx_t *proxy;
> ssl_enabled_t proxy_ssl_check_peer_expire;
> ssl_enabled_t proxy_ssl_check_peer_cn;
>+ apr_interval_time_t timeout;
> #ifndef OPENSSL_NO_TLSEXT
> ssl_enabled_t strict_sni_vhost_check;
> #endif
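Review bot: When `apr_socket_timeout_get` fails in the server/core.c hunk, the new code only logs and then still compares `old_time`, which nothing in the hunk has assigned, so whether the server `Timeout` is applied depends on an indeterminate value. The check also treats exactly 0 as "not yet set"; APR, as far as I recall, reports a negative timeout for a freshly accepted blocking socket, and if that holds here plain connections would never receive `c->base_server->timeout` and could stay open with no I/O timeout at all, so this needs confirming against the APR version in use. A safer condition is `if (rv != APR_SUCCESS || old_time <= 0) {`, which falls back to the server timeout on error and for any non-positive value. The declaration of `old_time` and the rest of the enclosing function lie outside the hunk.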
>@@ -573,6 +574,7 @@
> const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
> const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
> const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag);
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, void *dcfg, int flag);
>
> const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
> const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
>Index: modules/ssl/ssl_engine_config.c
>===================================================================
>--- modules/ssl/ssl_engine_config.c (revision 959696)
>+++ modules/ssl/ssl_engine_config.c (working copy)
>@@ -188,6 +188,7 @@
> sc->insecure_reneg = UNSET;
> sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
> sc->proxy_ssl_check_peer_cn = SSL_ENABLED_UNSET;
>+ sc->timeout = 0;
> #ifndef OPENSSL_NO_TLSEXT
> sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
> #endif
>@@ -296,6 +297,7 @@
> cfgMerge(enabled, SSL_ENABLED_UNSET);
> cfgMergeBool(proxy_enabled);
> cfgMergeInt(session_cache_timeout);
>+ cfgMergeInt(timeout);
> cfgMergeBool(cipher_server_pref);
> cfgMergeBool(insecure_reneg);
> cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
>@@ -383,6 +385,15 @@
> * Configuration functions for particular directives
> */
>
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
>+ void *dcfg,
>+ const char *arg)
>+{
>+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>+ sc->timeout = apr_time_from_sec(atoi(arg));
>+ return NULL;
>+}
>+
> const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
> void *dcfg,
> const char *arg)
>Index: modules/ssl/mod_ssl.c
>===================================================================
>--- modules/ssl/mod_ssl.c (revision 959696)
>+++ modules/ssl/mod_ssl.c (working copy)
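Review bot: The prototype added to ssl_private.h declares the third parameter of `ssl_cmd_SSLTimeout` as `int flag`, but the definition added in ssl_engine_config.c takes `const char *arg` and the directive is registered as `TAKE1` in mod_ssl.c. The declaration should match the definition: `const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, void *dcfg, const char *arg);`. As written the two conflict wherever both are visible to the compiler.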
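Review bot: `sc->timeout = 0;` uses 0 as the "not configured" value while the neighbouring fields use `UNSET`, and the merge hunk at -296 then calls `cfgMergeInt(timeout)`. If `cfgMergeInt` compares against `UNSET`, as the surrounding initialisers suggest (the macro itself is not visible here), a virtual host that never sets SSLTimeout would carry 0 through the merge and override a value configured globally. Initialising with `sc->timeout = UNSET;` and having the consumer treat `UNSET` as "leave the socket timeout alone" would keep inheritance working. Both enclosing functions extend outside their hunks.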
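Review bot: `atoi(arg)` in `ssl_cmd_SSLTimeout` accepts any string: non-numeric input silently becomes 0, and a negative number is stored as a negative interval that `apr_socket_timeout_set` later receives unchecked. A configuration handler should reject such values with an error string, so that a typo in the directive cannot quietly remove the timeout. The handler also lacks a comment stating the unit and what 0 means. A validated version is sketched below; it assumes `strtol` and `errno` are usable in this file.

```c
const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
                               void *dcfg,
                               const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end;
    long secs;

    /* Value is a whole number of seconds; reject anything else. */
    errno = 0;
    secs = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE || secs < 0) {
        return "SSLTimeout: argument must be a non-negative number of seconds";
    }

    sc->timeout = apr_time_from_sec(secs);
    return NULL;
}
```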
>@@ -132,6 +132,9 @@
> "Set user name to SSL variable value")
> SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
> "Strict SNI virtual host checking")
>+ SSL_CMD_SRV(Timeout, TAKE1,
>+ "SSL connection lifetime "
>+ "(`N' - number of seconds)")
>
> /*
> * Proxy configuration for remote SSL connections
>@@ -510,6 +513,14 @@
> return DECLINED;
> }
>
>+ /* Set the SSL connection timeout. */
>+ rv = apr_socket_timeout_set(csd, sc->timeout);
>+ if(rv != APR_SUCCESS) {
>+ /* expected cause is that the client disconnected already */
>+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+ "Unable to set timeout on SSL socket");
>+ }
>+
> /*
> * Remember the connection information for
> * later access inside callback functions
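Review bot: The help text "SSL connection lifetime" in the directive table does not match how the value is used: the second mod_ssl.c hunk passes it to `apr_socket_timeout_set`, which is a per-operation socket I/O timeout rather than a cap on how long a connection may live. An administrator reading the wording could believe long-lived connections are bounded when they are not. A closer first string would be `"Socket I/O timeout for SSL connections "`, with the second string left as it is.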
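Review bot: `apr_socket_timeout_set(csd, sc->timeout)` in the -510 hunk runs for every SSL connection, including when SSLTimeout was never configured and `sc->timeout` is still 0 from the config-create hunk. A zero timeout is then written to the socket, and the patch relies on the server/core.c check running afterwards to replace it; that ordering is not visible here and should be confirmed. Guarding the call with `if (sc->timeout > 0) {` leaves the socket untouched unless the directive was set. The enclosing function begins and ends outside the hunk.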
Attachments on
bug 49717
:
25855
|
25856
| 25857