From a7aabde8fee21c62795eba831fc2bc965c6e0149 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 20 Feb 2018 20:18:05 -0500
Subject: [PATCH] Setting the timeout should also timeout the TLS negotiation
(rdar://34938533)
---
cups/http.c | 6 +++---
cups/tls-darwin.c | 35 +++++++++++++++++++++++++++++++----
cups/tls-gnutls.c | 35 ++++++++++++++++++++++++++++++++---
cups/tls.c | 2 +-
4 files changed, 67 insertions(+), 11 deletions(-)
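diff --git a/cups/http.c b/cups/http.c
index 9af77c1c5..4d0a2a78e 100644
--- a/cups/http.c
+++ b/cups/http.c
@@ -4027,7 +4027,7 @@ http_read(http_t *http, /* I - HTTP connection */
 
 DEBUG_printf(("http_read(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length));
 
- if (!http->blocking)
+ if (!http->blocking || http->timeout_value > 0.0)
 {
 while (!httpWait(http, http->wait_value))
 {
@@ -4626,7 +4626,7 @@ http_write(http_t *http, /* I - HTTP connection */
 {
 DEBUG_printf(("3http_write: About to write %d bytes.", (int)length));
 
- if (http->timeout_cb)
+ if (http->timeout_value > 0.0)
 {
 #ifdef HAVE_POLL
 struct pollfd pfd; /* Polled file descriptor */
@@ -4670,7 +4670,7 @@ http_write(http_t *http, /* I - HTTP connection */
 http->error = errno;
 return (-1);
 }
- else if (nfds == 0 && !(*http->timeout_cb)(http, http->timeout_data))
+ else if (nfds == 0 && (!http->timeout_cb || !(*http->timeout_cb)(http, http->timeout_data)))
 {
 #ifdef WIN32
 http->error = WSAEWOULDBLOCK;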
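Review bot: The NULL test added to the `nfds == 0` branch of http_write is what keeps the new `http->timeout_value > 0.0` gate safe, because the wait can now run with a timeout value and no callback, and nothing in the code says so. A short comment on that branch would keep a later cleanup from dropping the test, for example `/* timeout_cb may be NULL when only a timeout value is set; treat that as a timeout */`. http_write's body continues outside these hunks, and the wait loop in http_read is also cut off, so its handling of a NULL callback cannot be confirmed from this page.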
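diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 0f0cd0028..bc3cdd07d 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -1087,7 +1087,7 @@ http_gnutls_read(
 
 http = (http_t *)ptr;
 
- if (!http->blocking)
+ if (!http->blocking || http->timeout_value > 0.0)
 {
 /*
 * Make sure we have data before we read...
@@ -1245,6 +1245,9 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
 char priority_string[2048];
 /* Priority string */
 int version; /* Current version */
+ double old_timeout; /* Old timeout value */
+ http_timeout_cb_t old_cb; /* Old timeout callback */
+ void *old_data; /* Old timeout data */
 static const char * const versions[] =/* SSL/TLS versions */
 {
 "VERS-SSL3.0",
@@ -1578,6 +1581,24 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
 #endif /* HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION */
 gnutls_transport_set_push_function(http->tls, http_gnutls_write);
 
+ /*
+ * Enforce a minimum timeout of 10 seconds for the TLS handshake...
+ */
+
+ old_timeout = http->timeout_value;
+ old_cb = http->timeout_cb;
+ old_data = http->timeout_data;
+
+ if (!old_cb || old_timeout < 10.0)
+ {
+ DEBUG_puts("4_httpTLSStart: Setting timeout to 10 seconds.");
+ httpSetTimeout(http, 10.0, NULL, NULL);
+ }
+
+ /*
+ * Do the TLS handshake...
+ */
+
 while ((status = gnutls_handshake(http->tls)) != GNUTLS_E_SUCCESS)
 {
 DEBUG_printf(("5_httpStartTLS: gnutls_handshake returned %d (%s)",
@@ -1595,10 +1616,18 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
 free(credentials);
 http->tls = NULL;
 
+ httpSetTimeout(http, old_timeout, old_cb, old_data);
+
 return (-1);
 }
 }
 
+ /*
+ * Restore the previous timeout settings...
+ */
+
+ httpSetTimeout(http, old_timeout, old_cb, old_data);
+
 http->tls_credentials = credentials;
 
 return (0);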
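Review bot: The new comment in _httpTLSStart says a minimum of 10 seconds is enforced, but `if (!old_cb || old_timeout < 10.0)` also replaces the settings whenever no callback is installed, so a caller that set a 30-second timeout without a callback gets 10 seconds for the handshake. A caller whose timeout is under 10 seconds has its callback swapped for NULL until the handshake ends. If only a floor is meant, `if (old_timeout < 10.0)` expresses it; otherwise the comment should describe both cases. The value appears to bound each wait (the check in http_gnutls_read runs per read) rather than the handshake as a whole, and the `gnutls_handshake` loop body lies partly outside these hunks, so whether a slow peer can keep the loop going well past 10 seconds cannot be judged from here. The diffstat lists cups/tls-darwin.c, whose hunks are not on this page, and the same questions would apply there.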
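diff --git a/cups/tls.c b/cups/tls.c
index e8874004f..278439db2 100644
--- a/cups/tls.c
+++ b/cups/tls.c
@@ -30,7 +30,7 @@
 
 
 /*
- * Local functions...
+ * Include platform-specific TLS code...
 */
 
 #ifdef HAVE_SSL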
--
2.52.0