Fix TLS handshake timeout not being enforced (#9381)
Follow-up to #9329
parent
11955600ad
commit
c39d7e7b2b
|
@ -4,6 +4,16 @@ require 'ipaddr'
|
||||||
require 'socket'
|
require 'socket'
|
||||||
require 'resolv'
|
require 'resolv'
|
||||||
|
|
||||||
|
# Monkey-patch the HTTP.rb timeout class to avoid using a timeout block
|
||||||
|
# around the Socket#open method, since we use our own timeout blocks inside
|
||||||
|
# that method
|
||||||
|
class HTTP::Timeout::PerOperation
|
||||||
|
def connect(socket_class, host, port, nodelay = false)
|
||||||
|
@socket = socket_class.open(host, port)
|
||||||
|
@socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
class Request
|
class Request
|
||||||
REQUEST_TARGET = '(request-target)'
|
REQUEST_TARGET = '(request-target)'
|
||||||
|
|
||||||
|
@ -95,7 +105,11 @@ class Request
|
||||||
end
|
end
|
||||||
|
|
||||||
def timeout
|
def timeout
|
||||||
{ connect: nil, read: 10, write: 10 }
|
# We enforce a 1s timeout on DNS resolving, 10s timeout on socket opening
|
||||||
|
# and 5s timeout on the TLS handshake, meaning the worst case should take
|
||||||
|
# about 16s in total
|
||||||
|
|
||||||
|
{ connect: 5, read: 10, write: 10 }
|
||||||
end
|
end
|
||||||
|
|
||||||
def http_client
|
def http_client
|
||||||
|
|
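Review bot: The reopened `HTTP::Timeout::PerOperation#connect` in the first hunk removes the library's connect timeout for every HTTP.rb client in the process, not only for requests built by `Request`. Any caller that uses per-operation timeouts with a socket class lacking its own limit would then have no application-level connect timeout against a remote host that never completes the TCP handshake. Whether the socket class passed in enforces the DNS and connect limits is not visible in these hunks, so the comment should state that dependency, e.g. `# NOTE: global patch; only safe when socket_class.open enforces its own connect timeout`. The override also copies a library-internal method signature, so a version assertion or pin for the http gem near the patch would stop an upgrade from silently changing behaviour. In `timeout`, the new comment could add that the roughly 16s bound covers connection setup only, since `read: 10` and `write: 10` apply per operation and do not cap the whole request.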