From be988cd24a22455d0617c506e82a4ea47f9d0d13 Mon Sep 17 00:00:00 2001 From: Christos Tsantilas Date: Fri, 20 Jun 2014 22:24:37 -0600 Subject: [PATCH] Non https connectiona on SSL-bump enabled port may stuck This is can be seen on skype when try to connect to server using an SSL-bump enabled squid port. Squid try to bump the connection, waiting for ever the ssl protocol header, and skype client waits for ever an answer from the server. This patch sets the timeout to Config.Timeout.request (request_timeout) This is a Measurement Factory project --- src/client_side.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/client_side.cc b/src/client_side.cc index e4fae95f46..98fa58bc50 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -3988,7 +3988,13 @@ ConnStateData::getSslContextDone(SSL_CTX * sslContext, bool isNew) if (!httpsCreate(clientConnection, sslContext)) return; - // commSetConnTimeout() was called for this request before we switched. + // bumped intercepted conns should already have Config.Timeout.request set + // but forwarded connections may only have Config.Timeout.lifetime. [Re]set + // to make sure the connection does not get stuck on non-SSL clients. + typedef CommCbMemFunT TimeoutDialer; + AsyncCall::Pointer timeoutCall = JobCallback(33, 5, TimeoutDialer, + this, ConnStateData::requestTimeout); + commSetConnTimeout(clientConnection, Config.Timeout.request, timeoutCall); // Disable the client read handler until CachePeer selection is complete Comm::SetSelect(clientConnection->fd, COMM_SELECT_READ, NULL, NULL, 0); -- 2.47.2