Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add some reasonable timeouts to API server #337

Merged
merged 1 commit into from Jan 21, 2022
Merged

Add some reasonable timeouts to API server #337

merged 1 commit into from Jan 21, 2022

Conversation

nsmith5
Copy link
Contributor

@nsmith5 nsmith5 commented Jan 20, 2022

Summary

Adds a 1 minute hard coded read, header read, write and idle timeout. This helps prevents accidental or malicious connection exhaustion of the API server.

Implementation note

While simply setting ReadTimeout would have set the header read and write timeouts to the same value, I think setting them explicitly helps inform the future code readers about the server behaviour in case they're unfamiliar with the behaviour of http.Server timeouts.

Ticket Link

Fixes #336

Release Note

* Added 1 minute read, write and idle timeouts to API server

@haydentherapper
Copy link
Contributor

haydentherapper commented Jan 20, 2022
edited

Will this close all open connections, i.e. will this stop the connection to Trillian? Or should we also add a timeout for outbound connections?

@nsmith5
Copy link
Contributor Author

nsmith5 commented Jan 20, 2022

This is just for inbound API requests. Timeouts on the outbound requests to the CT log are controllered here and it seems are set to 30 seconds https://github.com/sigstore/fulcio/blob/main/pkg/ctl/ctl.go#L37

@dlorenc
Copy link
Member

dlorenc commented Jan 21, 2022

LGTM but it hit a merge conflict with your other one!

@nsmith5
Add some reasonable timeouts to API server
dad96bd 
Fixes sigstore#336

Signed-off-by: Nathan Smith <nathan@nfsmith.ca>
@nsmith5
Copy link
Contributor Author

nsmith5 commented Jan 21, 2022

Rebased on main and should be good to go now :)

@dlorenc dlorenc merged commit 50b605d into sigstore:main Jan 21, 2022
@nsmith5 nsmith5 deleted the server-timeouts branch January 22, 2022 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dlorenc dlorenc dlorenc approved these changes

@haydentherapper haydentherapper haydentherapper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Lack of server timeouts can lead to connection exhaustion
3 participants
@nsmith5 @haydentherapper @dlorenc