chenBright commented on code in PR #3296:
URL: https://github.com/apache/brpc/pull/3296#discussion_r3245589797
##########
src/brpc/socket.cpp:
##########
@@ -1956,9 +1963,23 @@ int Socket::SSLHandshake(int fd, bool server_mode) {
_ssl_state = SSL_CONNECTING;
+ // Bound the handshake by a deadline; without it, a peer that completes
+ // the TCP handshake but never returns a TLS Hello (e.g. server not
+ // configured for SSL) would park this bthread on bthread_fd_wait
+ // forever. That bthread holds a Socket reference via WriteRequest, so
+ // the underlying fd would never be recycled and the connection would
+ // remain ESTABLISHED indefinitely.
+ const int handshake_timeout_ms = FLAGS_ssl_handshake_timeout_ms;
+ timespec abstime_storage;
+ const timespec* abstime = NULL;
+ if (handshake_timeout_ms > 0) {
+ abstime_storage = butil::milliseconds_from_now(handshake_timeout_ms);
+ abstime = &abstime_storage;
+ }
+
// Loop until SSL handshake has completed. For SSL_ERROR_WANT_READ/WRITE,
- // we use bthread_fd_wait as polling mechanism instead of EventDispatcher
- // as it may confuse the origin event processing code.
+ // we use bthread_fd_timedwait as polling mechanism instead of
+ // EventDispatcher as it may confuse the origin event processing code.
while (true) {
ERR_clear_error();
int rc = SSL_do_handshake(_ssl_session);
Review Comment:
Does SSL_do_handshake support a timeout mechanism?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
