From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 14 Jan 2017 07:18:53 +0000 (+1300)
Subject: Set default timeout on TLS handshake to servers
X-Git-Tag: M-staged-PR71~284^2~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d48f33e36cfa5c6fad4775ea86419b4e58bb8006;p=thirdparty%2Fsquid.git

Set default timeout on TLS handshake to servers
---

diff --git a/src/security/Session.cc b/src/security/Session.cc
index 21c56196c0..d69910d384 100644
--- a/src/security/Session.cc
+++ b/src/security/Session.cc
@@ -42,7 +42,7 @@ tls_read_method(int fd, char *buf, int len)
 #elif USE_GNUTLS
     int i = gnutls_record_recv(session, buf, len);
 #endif
-    debugs(83, 0, MYNAME << ": TLS FD " << fd << " read " << i << " bytes");
+    debugs(83, 1, MYNAME << ": TLS FD " << fd << " read " << i << " bytes");
 
     if (i > 0) {
         debugs(83, 8, "TLS FD " << fd << " session=" << (void*)session << " " << i << " bytes");
@@ -143,6 +143,7 @@ CreateSession(const Security::ContextPointer &ctx, const Comm::ConnectionPointer
             // NP: GnuTLS does not yet support the BIO operations
             //     this does the equivalent of SSL_set_fd() for now.
             gnutls_transport_set_int(session.get(), fd);
+            gnutls_handshake_set_timeout(session.get(), GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
 #endif
 
             debugs(83, 5, "link FD " << fd << " to TLS session=" << (void*)session.get());