diff options
| author | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-10-12 18:50:07 +0000 |
|---|---|---|
| committer | normal <normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2017-10-12 18:50:07 +0000 |
| commit | feafe07874d3f9f9aa3fa007421ecd28472959a7 (patch) | |
| tree | 602f549415640ab9691ad6eab435a6ced414fb98 /test/webrick | |
| parent | e22f35ef2a671b17738929aa25372ea29d9a0a5a (diff) | |
webrick: do not hang acceptor on slow TLS connections
OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.
Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.
Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).
* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
and remove OpenSSL::SSL::SSLSocket#accept call
* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
* test/webrick/test_ssl_server.rb (test_slow_connect): new test
[ruby-core:83221] [Bug #14005]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60172 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'test/webrick')
| -rw-r--r-- | test/webrick/test_ssl_server.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/test/webrick/test_ssl_server.rb b/test/webrick/test_ssl_server.rb index f6d5250365..64cf25f78b 100644 --- a/test/webrick/test_ssl_server.rb +++ b/test/webrick/test_ssl_server.rb @@ -2,6 +2,7 @@ require "test/unit" require "webrick" require "webrick/ssl" require_relative "utils" +require 'timeout' class TestWEBrickSSLServer < Test::Unit::TestCase class Echo < WEBrick::GenericServer @@ -37,4 +38,30 @@ class TestWEBrickSSLServer < Test::Unit::TestCase io.close } end + + def test_slow_connect + poke = lambda do |io, msg| + begin + sock = OpenSSL::SSL::SSLSocket.new(io) + sock.connect + sock.puts(msg) + assert_equal "#{msg}\n", sock.gets, msg + ensure + sock&.close + io.close + end + end + config = { + :SSLEnable => true, + :SSLCertName => "/C=JP/O=www.ruby-lang.org/CN=Ruby", + } + Timeout.timeout(10) do + TestWEBrick.start_server(Echo, config) do |server, addr, port, log| + outer = TCPSocket.new(addr, port) + inner = TCPSocket.new(addr, port) + poke.call(inner, 'fast TLS negotiation') + poke.call(outer, 'slow TLS negotiation') + end + end + end end |