You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2018/12/04 09:57:32 UTC
[2/2] httpcomponents-core git commit: SSLIOSession: Add
`connectTimeout` constructor param
SSLIOSession: Add `connectTimeout` constructor param
This change adds low-level support for TLS handshake timeouts in the
class that actually performs the handshake. The contractual
`socketTimeout`, if set, will only be applied to the underlying
IOSession after the handshake is complete.
Project: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/commit/ba9596f5
Tree: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/tree/ba9596f5
Diff: http://git-wip-us.apache.org/repos/asf/httpcomponents-core/diff/ba9596f5
Branch: refs/heads/master
Commit: ba9596f5156dd89aa41b0ada1dd8c33cbe0ffa46
Parents: fa213df
Author: Ryan Schmitt <rs...@apache.org>
Authored: Fri Nov 30 15:44:20 2018 -0800
Committer: Oleg Kalnichevski <ol...@apache.org>
Committed: Tue Dec 4 10:42:23 2018 +0100
----------------------------------------------------------------------
.../hc/core5/reactor/InternalDataChannel.java | 3 ++-
.../hc/core5/reactor/ssl/SSLIOSession.java | 25 +++++++++++++++++---
2 files changed, 24 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/ba9596f5/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java
----------------------------------------------------------------------
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java b/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java
index 48cf90b..3f2faf6 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/reactor/InternalDataChannel.java
@@ -247,7 +247,8 @@ final class InternalDataChannel extends InternalChannel implements ProtocolIOSes
}
}
- }))) {
+ },
+ null))) {
throw new IllegalStateException("TLS already activated");
}
}
http://git-wip-us.apache.org/repos/asf/httpcomponents-core/blob/ba9596f5/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
----------------------------------------------------------------------
diff --git a/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java b/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
index 81bc5d6..98ada25 100644
--- a/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
+++ b/httpcore5/src/main/java/org/apache/hc/core5/reactor/ssl/SSLIOSession.java
@@ -90,6 +90,7 @@ public class SSLIOSession implements IOSession {
private volatile SSLMode sslMode;
private volatile int status;
private volatile boolean initialized;
+ private volatile Timeout socketTimeout;
private TlsDetails tlsDetails;
/**
@@ -112,7 +113,7 @@ public class SSLIOSession implements IOSession {
final SSLSessionInitializer initializer,
final SSLSessionVerifier verifier,
final Callback<SSLIOSession> callback) {
- this(targetEndpoint, session, sslMode, sslContext, SSLBufferMode.STATIC, initializer, verifier, callback);
+ this(targetEndpoint, session, sslMode, sslContext, SSLBufferMode.STATIC, initializer, verifier, callback, null);
}
/**
@@ -125,6 +126,7 @@ public class SSLIOSession implements IOSession {
* @param sslBufferMode buffer management mode
* @param initializer optional SSL session initializer. May be {@code null}.
* @param verifier optional SSL session verifier. May be {@code null}.
+ * @param connectTimeout timeout to apply for the TLS/SSL handshake. May be {@code null}.
*
* @since 5.0
*/
@@ -136,7 +138,8 @@ public class SSLIOSession implements IOSession {
final SSLBufferMode sslBufferMode,
final SSLSessionInitializer initializer,
final SSLSessionVerifier verifier,
- final Callback<SSLIOSession> callback) {
+ final Callback<SSLIOSession> callback,
+ final Timeout connectTimeout) {
super();
Args.notNull(session, "IO session");
Args.notNull(sslContext, "SSL context");
@@ -187,6 +190,12 @@ public class SSLIOSession implements IOSession {
};
this.bytesReadCount = new AtomicLong(0);
+
+ // Save the initial socketTimeout of the underlying IOSession, to be restored after the handshake is finished
+ this.socketTimeout = this.session.getSocketTimeout();
+ if (connectTimeout != null) {
+ this.session.setSocketTimeout(connectTimeout);
+ }
}
@Override
@@ -345,6 +354,7 @@ public class SSLIOSession implements IOSession {
handshaking = false;
break;
case FINISHED:
+ this.session.setSocketTimeout(this.socketTimeout);
break;
}
}
@@ -790,7 +800,16 @@ public class SSLIOSession implements IOSession {
@Override
public void setSocketTimeout(final Timeout timeout) {
- this.session.setSocketTimeout(timeout);
+ this.socketTimeout = timeout;
+
+ this.session.lock().lock();
+ try {
+ if (this.sslEngine.getHandshakeStatus() == HandshakeStatus.FINISHED) {
+ this.session.setSocketTimeout(timeout);
+ }
+ } finally {
+ this.session.lock().unlock();
+ }
}
@Override
Re: [2/2] httpcomponents-core git commit: SSLIOSession: Add
`connectTimeout` constructor param
Posted by Oleg Kalnichevski <ol...@apache.org>.
On Tue, 2018-12-04 at 09:57 +0000, olegk@apache.org wrote:
> SSLIOSession: Add `connectTimeout` constructor param
>
> This change adds low-level support for TLS handshake timeouts in the
> class that actually performs the handshake. The contractual
> `socketTimeout`, if set, will only be applied to the underlying
> IOSession after the handshake is complete.
>
>
Hi Ryan,
I had to re-organize the commit sequence in order to ensure there were
no commits while the project was in a non-SNAPSHOT state. At the moment
we do not use release branches to cut releases for the simplicity sake,
so active branches are in an effective state of freeze while a release
is ongoing. In other words please do not commit to a development branch
until the release vote has been closed and project version changed to a
SNAPSHOT.
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org