David Stutzman wrote:
(How) Is it possible to set a connection timeout for a JSS SSLSocket?
http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl/SSLSocket.html
None of the constructors have a connection timeout and
SSLSocket.setSoTimeout(int timeout) can only be called *after*
creating the socket so I'm assuming it functions as a read/write timeout.
True you can only call SSLSocket.setSoTimeout(int timeout) after you
successfully instantiated an SSLSocket instance, that has achieved a
successful socket connection.
There are plenty of examples of setSoTimeout being used in the JSS tests.
http://mxr.mozilla.org/security/search?string=setSoTimeout
but the info is not related to your issue. Just trying to clear up some
confusion.
From testing it appears it's using a 30 second timeout, I just have no
idea where it's getting this value from and if/how I can change it.
Opening connection: Wed Feb 18 11:03:31 EST 2009
Exception: Wed Feb 18 11:04:01 EST 2009
java.net.SocketTimeoutException: Unable to connect: (-5990) I/O
operation timed out.
at org.mozilla.jss.ssl.SSLSocket.socketConnect(Native Method)
at org.mozilla.jss.ssl.SSLSocket.<init>(SSLSocket.java:265)
at org.mozilla.jss.ssl.SSLSocket.<init>(SSLSocket.java:236)
at org.mozilla.jss.ssl.SSLSocket.<init>(SSLSocket.java:180)
Your testing is attempting to create a SSLSocket and the socketConnect
fails.
In this case SSLSocket.socketConnect was unable to make the basic socket
connection and returned I/O operation time out. You need to handle the
error and determine why your configuration cannot connect.
This is not a bug in JSS or with the NSPR PR_Connect call.
PR_INTERVAL_NO_TIMEOUT as a value to PR_Connect is stating have the
timeout be the
underlying OS's timeout interval.
There is a bug open to fix the NSPR documentation.
https://bugzilla.mozilla.org/show_bug.cgi?id=276536
It's likely that your trying to debug a server that is taking too long
to reply to a TCP connection?
Or attempting to connect to an IP address that there is no active computer?
-glen
The native method socketConnect is defined here:
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/ssl/SSLSocket.c#457
and down on line 501 appears to be the actual connect call:
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/ssl/SSLSocket.c#501
status = PR_Connect(sock->fd, &addr, PR_INTERVAL_NO_TIMEOUT);
PR_INTERVAL_NO_TIMEOUT is defined here:
http://mxr.mozilla.org/security/source/nsprpub/pr/include/prinrval.h#83
Logically, no timeout would mean no timeout...so where does 30 seconds
come into play? Is NSPR getting some value from my OS and using it?
Thanks,
Dave
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
