Project

General

Profile

Bug #14005 ยป 0001-webrick-do-not-hang-acceptor-on-slow-TLS-connections.patch

normalperson (Eric Wong), 10/11/2017 11:22 PM

View differences:

lib/webrick/server.rb
# the client socket.
def accept_client(svr)
sock = nil
begin
sock = svr.accept
Utils::set_non_blocking(sock)
rescue Errno::ECONNRESET, Errno::ECONNABORTED,
Errno::EPROTO, Errno::EINVAL
rescue StandardError => ex
msg = "#{ex.class}: #{ex.message}\n\t#{ex.backtrace[0]}"
@logger.error msg
case sock = svr.to_io.accept_nonblock(exception: false)
when :wait_readable
nil
else
if svr.respond_to?(:start_immediately)
sock = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
sock.sync_close = true
# we cannot do OpenSSL::SSL::SSLSocket#accept here because
# a slow client can prevent us from accepting connections
# from other clients
end
sock
end
return sock
rescue Errno::ECONNRESET, Errno::ECONNABORTED,
Errno::EPROTO, Errno::EINVAL
nil
rescue StandardError => ex
msg = "#{ex.class}: #{ex.message}\n\t#{ex.backtrace[0]}"
@logger.error msg
nil
end
##
......
@logger.debug "accept: <address unknown>"
raise
end
if sock.respond_to?(:sync_close=) && @config[:SSLStartImmediately]
WEBrick::Utils.timeout(@config[:RequestTimeout]) do
sock.accept # OpenSSL::SSL::SSLSocket#accept
end
end
call_callback(:AcceptCallback, sock)
block ? block.call(sock) : run(sock)
rescue Errno::ENOTCONN
test/webrick/test_ssl_server.rb
require "webrick"
require "webrick/ssl"
require_relative "utils"
require 'timeout'
class TestWEBrickSSLServer < Test::Unit::TestCase
class Echo < WEBrick::GenericServer
......
io.close
}
end
def test_slow_connect
poke = lambda do |io, msg|
begin
sock = OpenSSL::SSL::SSLSocket.new(io)
sock.connect
sock.puts(msg)
assert_equal "#{msg}\n", sock.gets, msg
ensure
sock&.close
io.close
end
end
config = {
:SSLEnable => true,
:SSLCertName => "/C=JP/O=www.ruby-lang.org/CN=Ruby",
}
Timeout.timeout(10) do
TestWEBrick.start_server(Echo, config) do |server, addr, port, log|
outer = TCPSocket.new(addr, port)
inner = TCPSocket.new(addr, port)
poke.call(inner, 'fast TLS negotiation')
poke.call(outer, 'slow TLS negotiation')
end
end
end
end
-
    (1-1/1)