From 6c4c136189ad7e5dcdcc8148f40204653b126b16 Mon Sep 17 00:00:00 2001
From: David Soulayrol
Date: Thu, 5 Nov 2020 11:41:00 +0100
Subject: [PATCH] Added configuration item for handshake timeout on SSL channel (#531)
---
 broker/src/main/java/io/moquette/BrokerConstants.java | 1 +
 .../main/java/io/moquette/broker/NewNettyAcceptor.java | 10 +++++++++-
 distribution/src/main/resources/moquette.conf | 7 +++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/broker/src/main/java/io/moquette/BrokerConstants.java b/broker/src/main/java/io/moquette/BrokerConstants.java
index 7cb58627c..c58b515b6 100644
--- a/broker/src/main/java/io/moquette/BrokerConstants.java
+++ b/broker/src/main/java/io/moquette/BrokerConstants.java
@@ -78,6 +78,7 @@ public final class BrokerConstants {
 public static final String NETTY_TCP_NODELAY_PROPERTY_NAME = "netty.tcp_nodelay";
 public static final String NETTY_SO_KEEPALIVE_PROPERTY_NAME = "netty.so_keepalive";
 public static final String NETTY_CHANNEL_TIMEOUT_SECONDS_PROPERTY_NAME = "netty.channel_timeout.seconds";
+ public static final String NETTY_CHANNEL_HANDSHAKE_TIMEOUT_SECONDS_PROPERTY_NAME = "netty.channel_handshake_timeout.seconds";
 public static final String NETTY_EPOLL_PROPERTY_NAME = "netty.epoll";
 public static final String NETTY_MAX_BYTES_PROPERTY_NAME = "netty.mqtt.message_size";
 public static final int DEFAULT_NETTY_MAX_BYTES_IN_MESSAGE = 8092;
diff --git a/broker/src/main/java/io/moquette/broker/NewNettyAcceptor.java b/broker/src/main/java/io/moquette/broker/NewNettyAcceptor.java
index 20293d663..e252295b1 100644
--- a/broker/src/main/java/io/moquette/broker/NewNettyAcceptor.java
+++ b/broker/src/main/java/io/moquette/broker/NewNettyAcceptor.java
@@ -133,6 +133,7 @@ public void operationComplete(ChannelFuture future) throws Exception {
 private boolean nettyTcpNodelay;
 private boolean nettySoKeepalive;
 private int nettyChannelTimeoutSeconds;
+ private int nettyChannelHandshakeTimeoutSeconds;
 private int maxBytesInMessage;
 private Class channelClass;
@@ -145,6 +146,8 @@ public void initialize(NewNettyMQTTHandler mqttHandler, IConfig props, ISslConte
 nettyTcpNodelay = props.boolProp(BrokerConstants.NETTY_TCP_NODELAY_PROPERTY_NAME, true);
 nettySoKeepalive = props.boolProp(BrokerConstants.NETTY_SO_KEEPALIVE_PROPERTY_NAME, true);
 nettyChannelTimeoutSeconds = props.intProp(BrokerConstants.NETTY_CHANNEL_TIMEOUT_SECONDS_PROPERTY_NAME, 10);
+ nettyChannelHandshakeTimeoutSeconds = props.intProp(
+ BrokerConstants.NETTY_CHANNEL_HANDSHAKE_TIMEOUT_SECONDS_PROPERTY_NAME, 10);
 maxBytesInMessage = props.intProp(BrokerConstants.NETTY_MAX_BYTES_PROPERTY_NAME, BrokerConstants.DEFAULT_NETTY_MAX_BYTES_IN_MESSAGE);
@@ -414,6 +417,7 @@ public void close() {
 }
 private ChannelHandler createSslHandler(SocketChannel channel, SslContext sslContext, boolean needsClientAuth) {
+ SslHandler handler;
 SSLEngine sslEngine = sslContext.newEngine( channel.alloc(), channel.remoteAddress().getHostString(),
@@ -422,6 +426,10 @@ private ChannelHandler createSslHandler(SocketChannel channel, SslContext sslCon
 if (needsClientAuth) {
 sslEngine.setNeedClientAuth(true);
 }
- return new SslHandler(sslEngine);
+
+ handler = new SslHandler(sslEngine);
+ handler.setHandshakeTimeoutMillis(nettyChannelHandshakeTimeoutSeconds * 1000);
+
+ return handler;
 }
 }
diff --git a/distribution/src/main/resources/moquette.conf b/distribution/src/main/resources/moquette.conf
index 660f31072..b3720340c 100644
--- a/distribution/src/main/resources/moquette.conf
+++ b/distribution/src/main/resources/moquette.conf
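Review bot: The value read for `netty.channel_handshake_timeout.seconds` in the `initialize` hunk is stored without a range check, so a zero or negative setting only surfaces later, once per connection, in `createSslHandler`. As far as I know Netty's `SslHandler` rejects a negative timeout with an `IllegalArgumentException` and treats 0 as "no timeout", which would let a peer that never completes the TLS handshake keep its socket open indefinitely. I would validate once at load, e.g. `if (nettyChannelHandshakeTimeoutSeconds < 0) { throw new IllegalArgumentException("handshake timeout must be >= 0"); }`, and state next to the field whether 0 is an accepted way to disable the timeout. The body of `initialize` continues outside the hunk.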
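Review bot: In the last `createSslHandler` hunk, `nettyChannelHandshakeTimeoutSeconds * 1000` is multiplied in `int` before it is widened to the `long` parameter, so a configured value above roughly 2.1 million seconds wraps to a negative number. Passing the unit through avoids the arithmetic: `handler.setHandshakeTimeout(nettyChannelHandshakeTimeoutSeconds, TimeUnit.SECONDS);` (this needs `java.util.concurrent.TimeUnit`, and the import block is outside the hunk), or at minimum use `* 1000L`. As a style point, `SslHandler handler;` is declared at the top of the method in the preceding hunk and only assigned here; `SslHandler handler = new SslHandler(sslEngine);` at the point of use reads more directly.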
@@ -141,9 +141,16 @@ password_file config/password_file.conf
 # netty.mqtt.message_size : by default the max size of message is set at 8092 bytes
 # http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Toc442180836
 # Fore more information about payload size specs.
+#
+# Optional
+# netty.channel_handshake_timeout.seconds:
+# The number of seconds before the SSL handshake times out. The
+# value is provided to Netty's SslHandler, and its current
+# default value is 10.
 #*********************************************************************
 # netty.epoll true
 # netty.mqtt.message_size 8092
+# netty.channel_handshake_timeout.seconds 10
 #*********************************************************************
 # Command session queues