git.ipfire.org Git - thirdparty/squid.git/commit

SSL Server connect I/O timeout

FwdState::negotiateSSL() operates on a TCP connection without a timeout. If,
for example, the server never responds to Squid SSL Hello, the connection get
stuck forever. This happens in real world when, for example, a client is trying
to establish an SSL connection through bumping Squid to an HTTP server that
does not speak SSL and does not detect initial request garbage (from HTTP point
of view)

This patch adds support for timeout to SSL negotiation procedure and sets this
timeout so that it does not exceed peer_connect or forward_timeout.

This is a Measurement Factory project

author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Thu, 10 Jul 2014 14:47:53 +0000 (17:47 +0300)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Thu, 10 Jul 2014 14:47:53 +0000 (17:47 +0300)
commit	8aec3e1bec32b40930eef743528336a536939d39
tree	c8f41f10ccdc898b0d3a54b34932f6c9310929ae	tree \| snapshot
parent	dbb4956c2b253b5615edc15b3cf972a23838c9fa	commit \| diff

src/FwdState.cc		diff \| blob \| blame \| history
src/FwdState.h		diff \| blob \| blame \| history
src/PeerPoolMgr.cc		diff \| blob \| blame \| history
src/comm/ConnOpener.cc		diff \| blob \| blame \| history
src/comm/Connection.cc		diff \| blob \| blame \| history
src/comm/Connection.h		diff \| blob \| blame \| history
src/comm/TcpAcceptor.cc		diff \| blob \| blame \| history
src/ssl/PeerConnector.cc		diff \| blob \| blame \| history
src/ssl/PeerConnector.h		diff \| blob \| blame \| history