Attachment 25857 Details for Bug 49717 – 2.3 (trunk) branch

[patch] 2.3 (trunk) branch

ssl_timeout-trunk.diff (text/plain), 4.59 KB, created by Andrew C. Oliver on 2010-08-06 12:20:33 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andrew C. Oliver

Created: 2010-08-06 12:20:33 UTC

Size: 4.59 KB

patch

obsolete

>Index: server/core.c
>===================================================================
>--- server/core.c	(revision 959696)
>+++ server/core.c	(working copy)
>@@ -3983,14 +3983,27 @@
>      * is not initialized correctly, Linux - for example - will
>      * be initially blocking, while Solaris will be non blocking
>      * and any initial read will fail.
>+     *
>+     * If this timeout has already been set, don't set it again.
>+     * This prevents overwriting of other modules' timeout options.
>+     *
>      */
>-    rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>-    if (rv != APR_SUCCESS) {
>-        /* expected cause is that the client disconnected already */
>+    rv = apr_socket_timeout_get(csd, &old_time);
>+    if(rv != APR_SUCCESS) {
>+        /* not sure why this would fail */
>         ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>-                      "apr_socket_timeout_set");
>+                      "apr_socket_timeout_get");
>     }
> 
>+    if(old_time == apr_time_from_sec(0)) {
>+        rv = apr_socket_timeout_set(csd, c->base_server->timeout);
>+        if (rv != APR_SUCCESS) {
>+            /* expected cause is that the client disconnected already */
>+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+                          "apr_socket_timeout_set");
>+        }
>+    }
>+
>     net->c = c;
>     net->in_ctx = NULL;
>     net->out_ctx = NULL;
>Index: modules/ssl/ssl_private.h
>===================================================================
>--- modules/ssl/ssl_private.h	(revision 959696)
>+++ modules/ssl/ssl_private.h	(working copy)
>@@ -502,6 +502,7 @@
>     modssl_ctx_t    *proxy;
>     ssl_enabled_t    proxy_ssl_check_peer_expire;
>     ssl_enabled_t    proxy_ssl_check_peer_cn;
>+    apr_interval_time_t timeout;
> #ifndef OPENSSL_NO_TLSEXT
>     ssl_enabled_t    strict_sni_vhost_check;
> #endif
>@@ -573,6 +574,7 @@
> const char  *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
> const char  *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
> const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag);
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, void *dcfg, int flag);
> 
> const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
> const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
>Index: modules/ssl/ssl_engine_config.c
>===================================================================
>--- modules/ssl/ssl_engine_config.c	(revision 959696)
>+++ modules/ssl/ssl_engine_config.c	(working copy)
>@@ -188,6 +188,7 @@
>     sc->insecure_reneg         = UNSET;
>     sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
>     sc->proxy_ssl_check_peer_cn     = SSL_ENABLED_UNSET;
>+    sc->timeout                = 0;
> #ifndef OPENSSL_NO_TLSEXT
>     sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
> #endif
>@@ -296,6 +297,7 @@
>     cfgMerge(enabled, SSL_ENABLED_UNSET);
>     cfgMergeBool(proxy_enabled);
>     cfgMergeInt(session_cache_timeout);
>+    cfgMergeInt(timeout);
>     cfgMergeBool(cipher_server_pref);
>     cfgMergeBool(insecure_reneg);
>     cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
>@@ -383,6 +385,15 @@
>  *  Configuration functions for particular directives
>  */
> 
>+const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
>+                             void *dcfg,
>+                             const char *arg)
>+{
>+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>+    sc->timeout = apr_time_from_sec(atoi(arg));
>+    return NULL;
>+}
>+
> const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
>                                         void *dcfg,
>                                         const char *arg)
>Index: modules/ssl/mod_ssl.c
>===================================================================
>--- modules/ssl/mod_ssl.c	(revision 959696)
>+++ modules/ssl/mod_ssl.c	(working copy)
>@@ -132,6 +132,9 @@
>                 "Set user name to SSL variable value")
>     SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
>                 "Strict SNI virtual host checking")
>+    SSL_CMD_SRV(Timeout, TAKE1,
>+                "SSL connection lifetime "
>+                "(`N' - number of seconds)")
> 
>     /*
>      * Proxy configuration for remote SSL connections
>@@ -510,6 +513,14 @@
>         return DECLINED;
>     }
> 
>+    /* Set the SSL connection timeout. */
>+    rv = apr_socket_timeout_set(csd, sc->timeout);
>+    if(rv != APR_SUCCESS) {
>+        /* expected cause is that the client disconnected already */
>+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c,
>+                      "Unable to set timeout on SSL socket");
>+    }
>+    
>     /*
>      * Remember the connection information for
>      * later access inside callback functions

Actions: View | Diff

Attachments on bug 49717: 25855 | 25856 | 25857