Fix TLSGuard handshake timeout issue by breaking total timeout period into one second polling intervals.

shw_dev
Stephen Watt 7 years ago
parent 85d7d60d76
commit f616f54b2c

@ -11,7 +11,7 @@ import (
"time" "time"
) )
const TLSGUARD_READ_TIMEOUT = 8 * time.Second const TLSGUARD_READ_TIMEOUT = 8 // seconds
const TLSGUARD_MIN_TLS_VER_MAJ = 3 const TLSGUARD_MIN_TLS_VER_MAJ = 3
const TLSGUARD_MIN_TLS_VER_MIN = 1 const TLSGUARD_MIN_TLS_VER_MIN = 1
@ -270,6 +270,7 @@ func connectionReader(conn net.Conn, is_client bool, c chan connReader, done cha
mlen := 0 mlen := 0
rtype := 0 rtype := 0
stage := 1 stage := 1
ntimeouts := 0
for { for {
if ret_error != nil { if ret_error != nil {
@ -291,11 +292,18 @@ func connectionReader(conn net.Conn, is_client bool, c chan connReader, done cha
default: default:
if stage == 1 { if stage == 1 {
header := make([]byte, TLS_RECORD_HDR_LEN) header := make([]byte, TLS_RECORD_HDR_LEN)
conn.SetReadDeadline(time.Now().Add(TLSGUARD_READ_TIMEOUT)) conn.SetReadDeadline(time.Now().Add(1 * time.Second))
_, err := io.ReadFull(conn, header) _, err := io.ReadFull(conn, header)
conn.SetReadDeadline(time.Time{}) conn.SetReadDeadline(time.Time{})
if err != nil { if err != nil {
ret_error = err if err, ok := err.(net.Error); ok && err.Timeout() {
ret_error = err
} else {
ntimeouts++
if ntimeouts == TLSGUARD_READ_TIMEOUT {
ret_error = err
}
}
continue continue
} }
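Review bot: The new error branch at `if err, ok := err.(net.Error); ok && err.Timeout()` is inverted relative to the commit message: a 1-second read timeout assigns `ret_error` and aborts on the first poll, while a non-timeout error (EOF, reset) is counted in `ntimeouts` and the read is retried up to TLSGUARD_READ_TIMEOUT times on a connection that has already failed. The timeout case should be the one that increments the counter and continues, and the non-timeout case the one that records the error; the stage-2 hunk below (`remainder := make([]byte, mlen)`) has the same inverted condition. Once the retry is corrected, note that `io.ReadFull` can return a timeout after reading part of the buffer, and because `header` is reallocated each pass and the byte count from `ReadFull` is discarded, those bytes would be lost — the buffer and a fill offset need to survive across loop iterations for a poll-and-retry to be sound. The enclosing `for` loop and `connectionReader` body extend outside this hunk.
```go
if err != nil {
	if nerr, ok := err.(net.Error); ok && nerr.Timeout() {
		ntimeouts++
		if ntimeouts < TLSGUARD_READ_TIMEOUT {
			continue // poll again; total wait stays TLSGUARD_READ_TIMEOUT seconds
		}
	}
	ret_error = err
	continue
}
```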
@ -323,13 +331,21 @@ func connectionReader(conn net.Conn, is_client bool, c chan connReader, done cha
buffered = header buffered = header
stage++ stage++
ntimeouts = 0
} else if stage == 2 { } else if stage == 2 {
remainder := make([]byte, mlen) remainder := make([]byte, mlen)
conn.SetReadDeadline(time.Now().Add(TLSGUARD_READ_TIMEOUT)) conn.SetReadDeadline(time.Now().Add(1 * time.Second))
_, err := io.ReadFull(conn, remainder) _, err := io.ReadFull(conn, remainder)
conn.SetReadDeadline(time.Time{}) conn.SetReadDeadline(time.Time{})
if err != nil { if err != nil {
ret_error = err if err, ok := err.(net.Error); ok && err.Timeout() {
ret_error = err
} else {
ntimeouts++
if ntimeouts == TLSGUARD_READ_TIMEOUT {
ret_error = err
}
}
continue continue
} }
@ -342,6 +358,7 @@ func connectionReader(conn net.Conn, is_client bool, c chan connReader, done cha
rtype = 0 rtype = 0
mlen = 0 mlen = 0
stage = 1 stage = 1
ntimeouts = 0
} }
} }
@ -592,6 +609,8 @@ select_loop:
if !cr.client && s == SSL3_MT_HELLO_REQUEST { if !cr.client && s == SSL3_MT_HELLO_REQUEST {
fmt.Println("Server sent hello request") fmt.Println("Server sent hello request")
other.Write(cr.data)
continue
} }
if s > SSL3_MT_CERTIFICATE_STATUS { if s > SSL3_MT_CERTIFICATE_STATUS {
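Review bot: The return value of `other.Write(cr.data)` added under the hello-request check is discarded, so a failed forward of the record is silent and the loop simply continues as if the bytes were delivered. The surrounding code already returns errors from this loop (`return err` appears in the next hunk), so the consistent form is `if _, err := other.Write(cr.data); err != nil { return err }`. A short comment stating why a server HelloRequest is passed through untouched rather than inspected would also help, since the `fmt.Println` alone reads as leftover debugging. The enclosing `select_loop` starts outside the hunk.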
@ -647,6 +666,11 @@ select_loop:
return err return err
} else { } else {
x509Valid = true x509Valid = true
// Added in.
other.Write(cr.data)
dChan <- true
dChan2 <- true
break select_loop
} }
} }
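Review bot: `// Added in.` says nothing about intent; replace it with a comment on what happens once `x509Valid` is set, e.g. `// Certificate chain validated: forward the buffered record and stop both readers.` The result of `other.Write(cr.data)` is again discarded here, so a failed forward before the `break select_loop` goes unnoticed; `if _, err := other.Write(cr.data); err != nil { return err }` matches the `return err` two lines above. Whether the sends on `dChan` and `dChan2` can block if their receivers have already exited cannot be told from this hunk; if they are unbuffered, a `select` with `default` or a buffered channel would avoid a stall before the `break`. The enclosing `select_loop` starts outside the hunk.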
