author | Eugen Rochko <eugen@zeonfederated.com> | 2018-11-27 19:46:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-11-27 19:46:05 +0100 |
commit | c39d7e7b2b80a23f8d4e1410bb1c2d6033f30af0 (patch) | |
tree | 5dcb8b77ca804805ad1653e372af35780503e54a /app | |
parent | 11955600ad8ef1be41b01c5424a07975caeaaf51 (diff) |
Fix TLS handshake timeout not being enforced (#9381)
Follow-up to #9329
Diffstat (limited to 'app')
-rw-r--r-- | app/lib/request.rb | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/app/lib/request.rb b/app/lib/request.rb
index 024fce88a..4a81773e3 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -4,6 +4,16 @@ require 'ipaddr'
 require 'socket'
 require 'resolv'
 
+# Monkey-patch the HTTP.rb timeout class to avoid using a timeout block
+# around the Socket#open method, since we use our own timeout blocks inside
+# that method
+class HTTP::Timeout::PerOperation
+ def connect(socket_class, host, port, nodelay = false)
+ @socket = socket_class.open(host, port)
+ @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
+ end
+end
+
 class Request
 REQUEST_TARGET = '(request-target)'
 
@@ -95,7 +105,11 @@ class Request
 end
 
 def timeout
- { connect: nil, read: 10, write: 10 }
+ # We enforce a 1s timeout on DNS resolving, 10s timeout on socket opening
+ # and 5s timeout on the TLS handshake, meaning the worst case should take
+ # about 16s in total
+
+ { connect: 5, read: 10, write: 10 }
 end
 
 def http_client |
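Review bot: The reopened `HTTP::Timeout::PerOperation#connect` applies process-wide, so any caller that uses per-operation timeouts with a socket class that does not enforce its own deadline inside `open` now connects with no timeout at all. The comment relies on "our own timeout blocks inside that method", but that socket class is not visible in this hunk and nothing here ties the patch to it. I would limit the bypass to the application's own socket class and fall back to the library's timed connect otherwise (for example with `prepend` and `super`), or at least extend the comment: `# NOTE: removes http.rb's connect timeout for every socket_class; only safe when socket_class.open enforces its own deadline`. Since the method signature is copied from the library, recording the http.rb version it was checked against would also help on upgrades.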
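Review bot: The comment added in `timeout` states a 16s worst case, but that figure covers connection setup only; `read: 10` and `write: 10` appear to be per-operation limits (the class patched above is `HTTP::Timeout::PerOperation`), so a remote server that trickles data could hold a request open much longer. The 1s and 10s values it cites are defined outside this hunk and can drift from the comment. I would reword it along the lines of `# Connection setup worst case: DNS + socket open + TLS handshake; connect: now bounds only the TLS handshake, and read/write limits apply per operation, not per request`. If this client fetches from hosts the server does not control, an overall request deadline is worth considering as a follow-up.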