From 34de90c486176992d8bc3d0f5f9f1156509d448c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Tue, 27 Nov 2018 19:46:05 +0100 Subject: [PATCH] Fix TLS handshake timeout not being enforced (#9381) Follow-up to #9329 --- app/lib/request.rb | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/app/lib/request.rb b/app/lib/request.rb index 024fce88a6cde3..4a81773e354484 100644 --- a/app/lib/request.rb +++ b/app/lib/request.rb @@ -4,6 +4,16 @@ require 'socket' require 'resolv' +# Monkey-patch the HTTP.rb timeout class to avoid using a timeout block +# around the Socket#open method, since we use our own timeout blocks inside +# that method +class HTTP::Timeout::PerOperation + def connect(socket_class, host, port, nodelay = false) + @socket = socket_class.open(host, port) + @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay + end +end + class Request REQUEST_TARGET = '(request-target)' @@ -95,7 +105,11 @@ def key_id end def timeout - { connect: nil, read: 10, write: 10 } + # We enforce a 1s timeout on DNS resolving, 10s timeout on socket opening + # and 5s timeout on the TLS handshake, meaning the worst case should take + # about 16s in total + + { connect: 5, read: 10, write: 10 } end def http_client