Repository: trafficserver Updated Branches: refs/heads/ts3714 2f41a41e9 -> 0537ef880
[TS-3714]: Separated the SSL handshake timeout changes to TS-3727. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0537ef88 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0537ef88 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0537ef88 Branch: refs/heads/ts3714 Commit: 0537ef880f8c1081dd08e4a4147886a402af157c Parents: 2f41a41 Author: Sudheer Vinukonda <[email protected]> Authored: Tue Jun 30 15:23:56 2015 +0000 Committer: Sudheer Vinukonda <[email protected]> Committed: Tue Jun 30 15:23:56 2015 +0000 ---------------------------------------------------------------------- iocore/net/P_SSLConfig.h | 1 - iocore/net/SSLConfig.cc | 3 --- iocore/net/SSLNetVConnection.cc | 15 --------------- iocore/net/SSLNextProtocolAccept.cc | 1 + mgmt/RecordsConfig.cc | 2 -- 5 files changed, 1 insertion(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0537ef88/iocore/net/P_SSLConfig.h ---------------------------------------------------------------------- diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h index 1a6cd60..68dd50f 100644 --- a/iocore/net/P_SSLConfig.h +++ b/iocore/net/P_SSLConfig.h @@ -92,7 +92,6 @@ struct SSLConfigParams : public ConfigInfo { static int ssl_ocsp_cache_timeout; static int ssl_ocsp_request_timeout; static int ssl_ocsp_update_period; - static int ssl_handshake_timeout_in; static size_t session_cache_number_buckets; static size_t session_cache_max_bucket_size; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0537ef88/iocore/net/SSLConfig.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index 4876800..8e7766d 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -48,7 +48,6 @@ bool SSLConfigParams::ssl_ocsp_enabled = false; int SSLConfigParams::ssl_ocsp_cache_timeout = 3600; int SSLConfigParams::ssl_ocsp_request_timeout = 10; int SSLConfigParams::ssl_ocsp_update_period = 60; -int SSLConfigParams::ssl_handshake_timeout_in = 0; size_t SSLConfigParams::session_cache_number_buckets = 1024; bool SSLConfigParams::session_cache_skip_on_lock_contention = false; size_t SSLConfigParams::session_cache_max_bucket_size = 100; @@ -274,8 +273,6 @@ SSLConfigParams::initialize() client_verify_depth = 7; REC_ReadConfigInt32(clientVerify, "proxy.config.ssl.client.verify.server"); - REC_ReadConfigInt32(ssl_handshake_timeout_in, "proxy.config.ssl.handshake_timeout_in"); - ssl_client_cert_filename = NULL; ssl_client_cert_path = NULL; REC_ReadConfigStringAlloc(ssl_client_cert_filename, "proxy.config.ssl.client.cert.filename"); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0537ef88/iocore/net/SSLNetVConnection.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index 0e9272c..d09e579 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc @@ -468,17 +468,6 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread) this->read.triggered = 0; readSignalError(nh, err); } else if (ret == SSL_HANDSHAKE_WANT_READ || ret == SSL_HANDSHAKE_WANT_ACCEPT || ret == EVENT_CONT) { - if (SSLConfigParams::ssl_handshake_timeout_in > 0) { - double handshake_time = ((Thread::get_hrtime() - sslHandshakeBeginTime)/1000000000); - Debug ("ssl", "ssl handshake for vc %p, took %.3f seconds, configured handshake_timer: %d", this, handshake_time, SSLConfigParams::ssl_handshake_timeout_in); - if (handshake_time > SSLConfigParams::ssl_handshake_timeout_in) { - Debug ("ssl", "ssl handshake for vc %p, expired, release the connection", this); - read.triggered = 0; - nh->read_ready_list.remove(this); - readSignalError(nh, VC_EVENT_EOS); - return; - } - } read.triggered = 0; nh->read_ready_list.remove(this); readReschedule(nh); @@ -894,10 +883,6 @@ SSLNetVConnection::free(EThread *t) int SSLNetVConnection::sslStartHandShake(int event, int &err) { - if (sslHandshakeBeginTime == 0) { - sslHandshakeBeginTime = Thread::get_hrtime(); - set_inactivity_timeout(HRTIME_SECONDS(SSLConfigParams::ssl_handshake_timeout_in)); - } switch (event) { case SSL_EVENT_SERVER: http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0537ef88/iocore/net/SSLNextProtocolAccept.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNextProtocolAccept.cc b/iocore/net/SSLNextProtocolAccept.cc index c4748c3..00f3a39 100644 --- a/iocore/net/SSLNextProtocolAccept.cc +++ b/iocore/net/SSLNextProtocolAccept.cc @@ -117,6 +117,7 @@ SSLNextProtocolAccept::mainEvent(int event, void *edata) { SSLNetVConnection *netvc = ssl_netvc_cast(event, edata); + netvc->sslHandshakeBeginTime = Thread::get_hrtime(); Debug("ssl", "[SSLNextProtocolAccept:mainEvent] event %d netvc %p", event, netvc); switch (event) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0537ef88/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index 750ea38..0f9d8c8 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc @@ -1228,8 +1228,6 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.ssl.server_port", RECD_INT, "-1", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-65535]", RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.handshake_timeout_in", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-65535]", RECA_NULL} - , {RECT_CONFIG, "proxy.config.ssl.client.certification_level", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} , {RECT_CONFIG, "proxy.config.ssl.server.cert.path", RECD_STRING, TS_BUILD_SYSCONFDIR, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL}
