Bug #14005 ยป 0001-webrick-do-not-hang-acceptor-on-slow-TLS-connections.patch
| lib/webrick/server.rb | ||
|---|---|---|
|
# the client socket.
|
||
|
def accept_client(svr)
|
||
|
sock = nil
|
||
|
begin
|
||
|
sock = svr.accept
|
||
|
Utils::set_non_blocking(sock)
|
||
|
rescue Errno::ECONNRESET, Errno::ECONNABORTED,
|
||
|
Errno::EPROTO, Errno::EINVAL
|
||
|
rescue StandardError => ex
|
||
|
msg = "#{ex.class}: #{ex.message}\n\t#{ex.backtrace[0]}"
|
||
|
@logger.error msg
|
||
|
case sock = svr.to_io.accept_nonblock(exception: false)
|
||
|
when :wait_readable
|
||
|
nil
|
||
|
else
|
||
|
if svr.respond_to?(:start_immediately)
|
||
|
sock = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
|
||
|
sock.sync_close = true
|
||
|
# we cannot do OpenSSL::SSL::SSLSocket#accept here because
|
||
|
# a slow client can prevent us from accepting connections
|
||
|
# from other clients
|
||
|
end
|
||
|
sock
|
||
|
end
|
||
|
return sock
|
||
|
rescue Errno::ECONNRESET, Errno::ECONNABORTED,
|
||
|
Errno::EPROTO, Errno::EINVAL
|
||
|
nil
|
||
|
rescue StandardError => ex
|
||
|
msg = "#{ex.class}: #{ex.message}\n\t#{ex.backtrace[0]}"
|
||
|
@logger.error msg
|
||
|
nil
|
||
|
end
|
||
|
##
|
||
| ... | ... | |
|
@logger.debug "accept: <address unknown>"
|
||
|
raise
|
||
|
end
|
||
|
if sock.respond_to?(:sync_close=) && @config[:SSLStartImmediately]
|
||
|
WEBrick::Utils.timeout(@config[:RequestTimeout]) do
|
||
|
sock.accept # OpenSSL::SSL::SSLSocket#accept
|
||
|
end
|
||
|
end
|
||
|
call_callback(:AcceptCallback, sock)
|
||
|
block ? block.call(sock) : run(sock)
|
||
|
rescue Errno::ENOTCONN
|
||
| test/webrick/test_ssl_server.rb | ||
|---|---|---|
|
require "webrick"
|
||
|
require "webrick/ssl"
|
||
|
require_relative "utils"
|
||
|
require 'timeout'
|
||
|
class TestWEBrickSSLServer < Test::Unit::TestCase
|
||
|
class Echo < WEBrick::GenericServer
|
||
| ... | ... | |
|
io.close
|
||
|
}
|
||
|
end
|
||
|
def test_slow_connect
|
||
|
poke = lambda do |io, msg|
|
||
|
begin
|
||
|
sock = OpenSSL::SSL::SSLSocket.new(io)
|
||
|
sock.connect
|
||
|
sock.puts(msg)
|
||
|
assert_equal "#{msg}\n", sock.gets, msg
|
||
|
ensure
|
||
|
sock&.close
|
||
|
io.close
|
||
|
end
|
||
|
end
|
||
|
config = {
|
||
|
:SSLEnable => true,
|
||
|
:SSLCertName => "/C=JP/O=www.ruby-lang.org/CN=Ruby",
|
||
|
}
|
||
|
Timeout.timeout(10) do
|
||
|
TestWEBrick.start_server(Echo, config) do |server, addr, port, log|
|
||
|
outer = TCPSocket.new(addr, port)
|
||
|
inner = TCPSocket.new(addr, port)
|
||
|
poke.call(inner, 'fast TLS negotiation')
|
||
|
poke.call(outer, 'slow TLS negotiation')
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
-
|
||