Skip to content

Commit

Permalink
Fix TLS handshake timeout not being enforced (mastodon#9381)
Browse files Browse the repository at this point in the history
Follow-up to mastodon#9329
  • Loading branch information
Gargron authored and abcang committed Mar 19, 2020
1 parent e20e0cf commit ba44cf5
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion app/lib/request.rb
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,16 @@
require 'socket'
require 'resolv'

# Monkey-patch the HTTP.rb timeout class to avoid using a timeout block
# around the Socket#open method, since we use our own timeout blocks inside
# that method
class HTTP::Timeout::PerOperation
def connect(socket_class, host, port, nodelay = false)
@socket = socket_class.open(host, port)
@socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
end
end

class Request
REQUEST_TARGET = '(request-target)'

Expand Down Expand Up @@ -94,7 +104,11 @@ def key_id
end

def timeout
{ connect: nil, read: 10, write: 10 }
# We enforce a 1s timeout on DNS resolving, 10s timeout on socket opening
# and 5s timeout on the TLS handshake, meaning the worst case should take
# about 16s in total

{ connect: 5, read: 10, write: 10 }
end

def http_client
Expand Down

0 comments on commit ba44cf5

Please sign in to comment.