# HG changeset patch
# User Maxim Dounin <mdou...@mdounin.ru>
# Date 1746114916 -10800
# Thu May 01 18:55:16 2025 +0300
# Node ID ea2fca0e094ffa78db62ec8655a42965441cd8df
# Parent 4053f6d9b5c0caca67365a320488154b84ebfba8
Stream: fixed proxy_connect_timeout with SSL proxying.
Connection establishment, including SSL handshake, is expected to complete
within the time set with the proxy_connect_timeout directive. However,
previously corresponding timer was removed after TCP connect, and then
again added for SSL handshaking, resulting in 2x longer time allowed in
the worst case.
Fix is to remove the timer in ngx_stream_proxy_init_upstream() instead of
doing this in ngx_stream_proxy_connect_handler().
diff --git a/src/stream/ngx_stream_proxy_module.c
b/src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -929,6 +929,10 @@ ngx_stream_proxy_init_upstream(ngx_strea
pc->read->handler = ngx_stream_proxy_upstream_handler;
pc->write->handler = ngx_stream_proxy_upstream_handler;
+ if (pc->write->timer_set) {
+ ngx_del_timer(pc->write);
+ }
+
if (pc->read->ready) {
ngx_post_event(pc->read, &ngx_posted_events);
}
@@ -1113,10 +1117,6 @@ ngx_stream_proxy_ssl_handshake(ngx_conne
}
}
- if (pc->write->timer_set) {
- ngx_del_timer(pc->write);
- }
-
ngx_stream_proxy_init_upstream(s);
return;
@@ -1494,8 +1494,6 @@ ngx_stream_proxy_connect_handler(ngx_eve
return;
}
- ngx_del_timer(c->write);
-
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
"stream proxy connect upstream");
