
Fix SSL timeout issue (issue 1307) #24

Merged
merged 4 commits into from over 1 year ago

4 participants

David Beitey Stefan de Konink smunaut Alvaro Lopez Ortega
David Beitey

Previously, the connection timeout was not respected on SSL connections -- it always fell back to the default of 15 seconds. This pull request solves the issue.

I've applied the patches from Sylvain Munaut @ http://code.google.com/p/cherokee/issues/detail?id=1307 and included QA tests to ensure this works against HTTP and HTTPS.

and others added some commits June 15, 2012
smunaut ssl: Restore the server default timeout_lapse once SSL negotiation is…
… done

The timeout_lapse was replaced by the SSL negotiation timeout during the
accept. We need to restore it to the proper value once the SSL stuff is
over with.

Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
881bedd
smunaut rule_list: Update the timeout when setting per-rule timeout_lapse
It's required or the new timeout_lapse might not be taken into
account since the connection expiration time that's in conn->timeout
has been computed with the previous timeout_lapse

Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
2510045
Alvaro Lopez Ortega The QA bench was not working over SSL. 13012f9
David Beitey Adding tests for timeout against rules 541f26c
Stefan de Konink skinkie merged commit 9864126 into from July 19, 2012
Stefan de Konink skinkie closed this July 19, 2012
Stefan de Konink
Collaborator

Thanks for following up. I know there are a lot of fixes also in my personal Cherokee repo which we can close a lot of bugs with.


Showing 4 unique commits by 3 authors.

Jul 18, 2012
smunaut ssl: Restore the server default timeout_lapse once SSL negotiation is…
… done

The timeout_lapse was replaced by the SSL negotiation timeout during the
accept. We need to restore it to the proper value once the SSL stuff is
over with.

Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
881bedd
smunaut rule_list: Update the timeout when setting per-rule timeout_lapse
It's required or the new timeout_lapse might not be taken into
account since the connection expiration time that's in conn->timeout
has been computed with the previous timeout_lapse

Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
2510045
Jul 19, 2012
Alvaro Lopez Ortega The QA bench was not working over SSL. 13012f9
David Beitey Adding tests for timeout against rules 541f26c
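--- a/cherokee/rule_list.c
+++ b/cherokee/rule_list.c
@@ -78,6 +78,7 @@ update_connection (cherokee_connection_t   *conn,
 	if (! NULLI_IS_NULL(ret_config->timeout_lapse)) {
 		conn->timeout_lapse  = ret_config->timeout_lapse;
 		conn->timeout_header = ret_config->timeout_header;
+		cherokee_connection_update_timeout (conn);
 	}
 }
 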
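Review bot: The added `cherokee_connection_update_timeout (conn);` call in update_connection has no comment saying why it is needed, and the reason is not obvious from the two assignments above it. I would add `/* conn->timeout was computed from the previous timeout_lapse; recompute it so the per-rule value takes effect */` above the call. The helper's body is not visible here; if it derives the deadline from the current time, every rule match that carries a timeout also restarts the connection's expiry clock, which is worth confirming because this timeout bounds how long a slow client can hold a connection. update_connection begins outside the hunk.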
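--- a/cherokee/thread.c
+++ b/cherokee/thread.c
@@ -814,6 +814,8 @@ process_active_connections (cherokee_thread_t *thd)
 				/* Set mode and update timeout
 				 */
 				conn_set_mode (thd, conn, socket_reading);
+
+				conn->timeout_lapse  = srv->timeout;
 				cherokee_connection_update_timeout (conn);
 
 				conn->phase = phase_reading_header;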
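Review bot: The new `conn->timeout_lapse  = srv->timeout;` sits under the existing comment "Set mode and update timeout", which does not say that the value being overwritten is the SSL negotiation timeout installed during accept. A short comment such as `/* Restore the server timeout: accept replaced it with the SSL negotiation timeout */` would keep a later cleanup from dropping the line as redundant. `srv` is declared outside the hunk, as is the rest of process_active_connections, so it cannot be checked from here whether this is the only path that leaves the handshake phase; any other exit would presumably need the same restore.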
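--- a/qa/298-Timeout.py
+++ b/qa/298-Timeout.py
@@ -0,0 +1,95 @@
+from base import *
+
+DIR = "298-Timeout"
+DIR_RULE = "%s-rule" % DIR
+CONTENT = "Tests to check whether timeout is applied."
+
+SERVER_TIMEOUT = 5
+RULE_TIMEOUT = 3
+
+CONF = """
+server!timeout = %(SERVER_TIMEOUT)i
+vserver!1!rule!2890!match = directory
+vserver!1!rule!2890!match!directory = /%(DIR)s
+vserver!1!rule!2890!handler = cgi
+
+vserver!1!rule!2891!match = directory
+vserver!1!rule!2891!match!directory = /%(DIR_RULE)s
+vserver!1!rule!2891!handler = cgi
+vserver!1!rule!2891!timeout = %(RULE_TIMEOUT)i
+
+""" %(globals())
+
+CGI_CODE = """#!/bin/sh
+
+echo "Content-Type: text/plain"
+echo
+sleep %(runtime)i
+echo "%(content)s"
+"""
+
+
+class TestEntry (TestBase):
+    """Test for timeout being applied.
+
+    If timeout expires, no content after `sleep` in the CGI will
+    be delivered.
+    """
+
+    def __init__ (self, dir, filename, runtime, content, expected_timeout):
+        TestBase.__init__ (self, __file__)
+        self.request = "GET /%s/%s HTTP/1.0\r\n" % (dir, filename) +\
+                       "Connection: close\r\n"
+        self.expected_error = 200
+
+        if runtime < expected_timeout:
+            self.expected_content = content
+        else:
+            self.forbidden_content = content
+
+
+class Test (TestCollection):
+
+    def __init__ (self):
+        TestCollection.__init__ (self, __file__)
+
+        self.name = "Connection Timeouts Applied"
+        self.conf = CONF
+        self.proxy_suitable = True
+        self.filenames = {DIR: [],
+                          DIR_RULE: []}
+
+    def Prepare (self, www):
+        self.local_dirs = {DIR: self.Mkdir (www, DIR),
+                           DIR_RULE: self.Mkdir (www, DIR_RULE)}
+
+    def JustBefore (self, www):
+        # Create sub-request objects
+        self.Empty ()
+
+        # Create all tests with different runtime lengths
+        # Instant return and 1 second less than timeout should work,
+        # but past the timeout should return no content.
+        for dir, timeout in ((DIR, SERVER_TIMEOUT), (DIR_RULE, RULE_TIMEOUT)):
+            for script_runtime in (0, timeout-1, timeout+1):
+                # Write the new script files
+                filename = 'test-%i-seconds.cgi' % script_runtime
+                code = CGI_CODE % dict(runtime=script_runtime, content=CONTENT)
+                self.WriteFile (self.local_dirs[dir], filename, 0755, code)
+                self.filenames[dir].append(filename)
+
+                obj = self.Add (TestEntry (dir,
+                                           filename,
+                                           runtime=script_runtime,
+                                           content=CONTENT,
+                                           expected_timeout=timeout))
+
+
+    def JustAfter (self, www):
+        # Clean up the local files
+        for dir in self.local_dirs:
+            for filename in self.filenames[dir]:
+                fp = os.path.join (self.local_dirs[dir], filename)
+                os.unlink (fp)
+        self.filenames = {}
+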
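Review bot: `JustAfter` resets `self.filenames = {}`, but `JustBefore` appends with `self.filenames[dir].append(filename)`, so a second `JustBefore` on the same `Test` instance would raise KeyError; whether the bench ever repeats a collection is not visible on this page. Resetting to the initial shape, `self.filenames = {DIR: [], DIR_RULE: []}`, avoids that. Two smaller points in `JustBefore`: the result of `self.Add (...)` is bound to `obj` and never used, and the mode literal `0755` only parses on Python 2 (`0o755` is accepted by 2.6+ and 3). The pass/fail boundary is one second either side of the timeout, which may be tight if the server checks expiry at coarse intervals.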
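--- a/qa/conf.py.pre
+++ b/qa/conf.py.pre
@@ -17,9 +17,8 @@ LOGGER_ACCESS     = "access.log"
 LOGGER_ERROR      = "error.log"
 
 # TLS/SSL
-SSL_CERT_FILE     = "/etc/cherokee/ssl/cherokee.pem"
-SSL_CERT_KEY_FILE = "/etc/cherokee/ssl/cherokee.pem"
-SSL_CA_FILE       = "/etc/cherokee/ssl/cherokee.pem"
+SSL_CERT_FILE     = "/etc/cherokee/ssl/cherokee.crt"
+SSL_CERT_KEY_FILE = "/etc/cherokee/ssl/cherokee.key"
 
 # Misc options
 SERVER_DELAY      = 10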
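Review bot: `SSL_CA_FILE` is dropped from the template, so any QA script that still reads it through the conf module would fail with a NameError; the only use visible on this page is the one removed from qa/run-tests.py, and other references would be outside this diff. `SSL_CERT_KEY_FILE` now names a separate private key under /etc/cherokee/ssl, so a comment such as `# QA-only key pair; the key must be readable by the user running the bench` above the two settings would tell people setting up the bench to generate a throwaway pair rather than point it at a production key.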
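--- a/qa/run-tests.py
+++ b/qa/run-tests.py
@@ -217,7 +217,6 @@
 server!bind!1!interface = %(listen)s
 server!bind!2!port = %(PORT_TLS)d
 server!bind!2!tls = 1
-server!bind!2!interface = %(listen)s
 server!keepalive = 1
 server!panic_action = %(panic)s
 server!pid_file = %(pid)s
@@ -260,10 +259,9 @@
 if ssl:
     CONF_BASE += """
 server!tls = libssl
-vserver!1!ssl_certificate_file = %s
-vserver!1!ssl_certificate_key_file = %s
-vserver!1!ssl_ca_list_file = %s
-""" % (SSL_CERT_FILE, SSL_CERT_KEY_FILE, SSL_CA_FILE)
+vserver!1!ssl_certificate_file = %(SSL_CERT_FILE)s
+vserver!1!ssl_certificate_key_file = %(SSL_CERT_KEY_FILE)s
+""" % (globals())
 
 if log:
     CONF_BASE += """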
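Review bot: With `server!bind!2!interface = %(listen)s` gone from the first hunk, the TLS bind has a port and `tls = 1` but no interface, while bind 1 is still pinned to `%(listen)s`. If an omitted interface means all addresses, which is the usual convention but is not shown here, the QA server's TLS port becomes reachable from the network rather than only from the listen address, and the tests enable CGI handlers on it. Either keep the line or add a comment next to the template explaining why the TLS bind must not be pinned; the assignment that opens that string is outside the hunk. In the second hunk, `% (globals())` works but exposes every module global to the format string, so an explicit dict holding only `SSL_CERT_FILE` and `SSL_CERT_KEY_FILE` would be tighter.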