From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Tue, 17 Jun 2014 14:54:53 +0000 (+0300)
Subject: Non https connectiona on SSL-bump enabled port may stuck
X-Git-Tag: SQUID_3_5_0_1~175
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4e67d484b7e5f933b552e7839b4d16100ec7c9c9;p=thirdparty%2Fsquid.git

Non https connectiona on SSL-bump enabled port may stuck

This is can be seen on skype when try to connect to server using an
SSL-bump enabled squid port. Squid try to bump the connection, waiting for ever
the ssl protocol header, and skype client waits for ever  an answer from the
server.

This patch sets the timeout to Config.Timeout.request (request_timeout)

This is a Measurement Factory project
---

diff --git a/src/client_side.cc b/src/client_side.cc
index a9a5428c7e..c5b9428e42 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3923,7 +3923,13 @@ ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew)
     if (!httpsCreate(clientConnection, sslContext))
         return;
 
-    // commSetConnTimeout() was called for this request before we switched.
+    // bumped intercepted conns should already have Config.Timeout.request set
+    // but forwarded connections may only have Config.Timeout.lifetime. [Re]set
+    // to make sure the connection does not get stuck on non-SSL clients.
+    typedef CommCbMemFunT<ConnStateData, CommTimeoutCbParams> TimeoutDialer;
+    AsyncCall::Pointer timeoutCall = JobCallback(33, 5, TimeoutDialer,
+                                                 this, ConnStateData::requestTimeout);
+    commSetConnTimeout(clientConnection, Config.Timeout.request, timeoutCall);
 
     // Disable the client read handler until CachePeer selection is complete
     Comm::SetSelect(clientConnection->fd, COMM_SELECT_READ, NULL, NULL, 0);