epee: implement handshake timeout for SSL connections
This commit is contained in:
parent
d0d76f771a
commit
4371791977
@ -177,7 +177,7 @@ namespace net_utils
|
|||||||
// SSL Options
|
// SSL Options
|
||||||
if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
|
if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_enabled || m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
|
||||||
{
|
{
|
||||||
if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, addr))
|
if (!m_ssl_options.handshake(*m_ssl_socket, boost::asio::ssl::stream_base::client, addr, timeout))
|
||||||
{
|
{
|
||||||
if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
|
if (m_ssl_options.support == epee::net_utils::ssl_support_t::e_ssl_support_autodetect)
|
||||||
{
|
{
|
||||||
|
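Review bot: The `timeout` now forwarded to `m_ssl_options.handshake(...)` is presumably the same value that bounds the TCP connect earlier in this function (the enclosing function starts outside the hunk), so the worst-case connect-plus-handshake time becomes twice that value. If callers treat the argument as a bound on the whole connection setup, pass the remaining budget instead (the difference between `timeout` and the time the connect consumed), or document the doubled upper bound where the parameter is declared.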
@ -128,7 +128,11 @@ namespace net_utils
|
|||||||
|
|
||||||
\return True if the SSL handshake completes with peer verification
|
\return True if the SSL handshake completes with peer verification
|
||||||
settings. */
|
settings. */
|
||||||
bool handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string& host = {}) const;
|
bool handshake(
|
||||||
|
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
|
||||||
|
boost::asio::ssl::stream_base::handshake_type type,
|
||||||
|
const std::string& host = {},
|
||||||
|
std::chrono::milliseconds timeout = std::chrono::seconds(15)) const;
|
||||||
};
|
};
|
||||||
|
|
||||||
// https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification
|
// https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification
|
||||||
|
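Review bot: The Doxygen block above the declaration (it starts outside the hunk) documents `\return` but says nothing about the new `timeout` parameter or what happens when it elapses, so a header reader cannot tell that the connection is torn down rather than the call simply returning. Add a line such as `\param timeout Upper bound on the handshake; when it elapses the underlying TCP socket is closed and the handshake fails.` The default `std::chrono::seconds(15)` also needs `<chrono>` to be visible in this header, and the hunk does not show whether it is already included — worth confirming rather than relying on a transitive include.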
@ -28,9 +28,11 @@
|
|||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <boost/asio/ssl.hpp>
|
#include <boost/asio/ssl.hpp>
|
||||||
|
#include <boost/lambda/lambda.hpp>
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/pem.h>
|
#include <openssl/pem.h>
|
||||||
#include "misc_log_ex.h"
|
#include "misc_log_ex.h"
|
||||||
|
#include "net/net_helper.h"
|
||||||
#include "net/net_ssl.h"
|
#include "net/net_ssl.h"
|
||||||
|
|
||||||
#undef MONERO_DEFAULT_LOG_CATEGORY
|
#undef MONERO_DEFAULT_LOG_CATEGORY
|
||||||
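Review bot: `<boost/lambda/lambda.hpp>` is added only so that `ssl_options_t::handshake()` further down can write `boost::lambda::var(ec) = boost::lambda::_1` as its completion handler; a plain closure, `[&ec](const boost::system::error_code& e) { ec = e; }`, does the same without pulling Boost.Lambda into this translation unit. That function also uses `std::chrono::milliseconds` and `boost::asio::steady_timer`, yet neither `<chrono>` nor `<boost/asio/steady_timer.hpp>` is added here, so they are presumably reached transitively through `net/net_ssl.h` or `boost/asio/ssl.hpp` — confirm that instead of relying on it. `net/net_helper.h` appears to be included for the `GET_IO_SERVICE` macro used in that function; a short comment on the include line saying so would save the next reader a search.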
@ -456,7 +458,11 @@ bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ssl_options_t::handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string& host) const
|
bool ssl_options_t::handshake(
|
||||||
|
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,
|
||||||
|
boost::asio::ssl::stream_base::handshake_type type,
|
||||||
|
const std::string& host,
|
||||||
|
std::chrono::milliseconds timeout) const
|
||||||
{
|
{
|
||||||
socket.next_layer().set_option(boost::asio::ip::tcp::no_delay(true));
|
socket.next_layer().set_option(boost::asio::ip::tcp::no_delay(true));
|
||||||
|
|
||||||
@ -502,8 +508,23 @@ bool ssl_options_t::handshake(boost::asio::ssl::stream<boost::asio::ip::tcp::soc
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
boost::system::error_code ec;
|
auto& io_service = GET_IO_SERVICE(socket);
|
||||||
socket.handshake(type, ec);
|
boost::asio::steady_timer deadline(io_service, timeout);
|
||||||
|
deadline.async_wait([&socket](const boost::system::error_code& error) {
|
||||||
|
if (error != boost::asio::error::operation_aborted)
|
||||||
|
{
|
||||||
|
socket.next_layer().close();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
boost::system::error_code ec = boost::asio::error::would_block;
|
||||||
|
socket.async_handshake(type, boost::lambda::var(ec) = boost::lambda::_1);
|
||||||
|
while (ec == boost::asio::error::would_block)
|
||||||
|
{
|
||||||
|
io_service.reset();
|
||||||
|
io_service.run_one();
|
||||||
|
}
|
||||||
|
|
||||||
if (ec)
|
if (ec)
|
||||||
{
|
{
|
||||||
MERROR("SSL handshake failed, connection dropped: " << ec.message());
|
MERROR("SSL handshake failed, connection dropped: " << ec.message());
|
||||||
|
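Review bot: The deadline handler can still fire after the handshake has succeeded: `deadline` is destroyed when `handshake()` returns, but under asio's timer-cancellation contract a wait whose timer has already expired when the `run_one` loop exits is already queued and is later invoked with a success code (not `operation_aborted`) on the next run of the io_service, at which point the lambda closes a live, fully negotiated socket through its captured reference. Guarding the close with state that outlives this frame avoids that, as sketched below. Separately, `io_service.reset()` is only defined when no other thread is inside `run()` on that io_service, so if this routine is also reached from a server-side path whose service is already running, that needs confirming at the call sites. When the timer does fire, `ec` carries the error produced by the forced `close()` rather than a timeout, so the `MERROR` on the last line cannot tell an operator that the deadline expired; logging the expiry from the timer handler keeps the two causes distinguishable.
```cpp
  auto& io_service = GET_IO_SERVICE(socket);
  // Shared so the timer handler can still read it after this frame has returned.
  auto handshake_done = std::make_shared<bool>(false);
  boost::asio::steady_timer deadline(io_service, timeout);
  deadline.async_wait([&socket, handshake_done](const boost::system::error_code& error) {
    if (!*handshake_done && error != boost::asio::error::operation_aborted)
    {
      MERROR("SSL handshake timed out, closing connection");
      socket.next_layer().close();
    }
  });
  // … unchanged: async_handshake and the run_one loop …
  *handshake_done = true;
  deadline.cancel();
  // … unchanged: error check and MERROR …
```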