Commit

Merge pull request #3601 from sekiyama58/tls-handshake-connect-timeout
Apply connect_timeout also to TLS handshake
ashie authored Jan 14, 2022
2 parents f159b5a + 147d175 commit c297456
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions lib/fluent/plugin_helper/socket.rb
Expand Up @@ -96,6 +96,7 @@ def socket_create_tls(
enable_system_cert_store: true, allow_self_signed_cert: false, cert_paths: nil,
cert_path: nil, private_key_path: nil, private_key_passphrase: nil,
cert_thumbprint: nil, cert_logical_store_name: nil, cert_use_enterprise_store: true,
connect_timeout: nil,
**kwargs, &block)

host_is_ipaddress = IPAddr.new(host) rescue false
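Review bot: The new `connect_timeout: nil` keyword in the `socket_create_tls` signature is undocumented: nothing in this hunk says what unit it takes or that it now bounds the TLS handshake as well as the TCP connect. Because it is now a named keyword it no longer travels inside `**kwargs`, so any caller that relied on it reaching `socket_create_tcp` that way depends on the explicit forwarding added further down; a short comment above the signature stating the unit (seconds) and the two phases it covers would make that contract visible.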
Expand Down Expand Up @@ -158,13 +159,23 @@ def socket_create_tls(
end
Fluent::TLS.set_version_to_context(context, version, min_version, max_version)

tcpsock = socket_create_tcp(host, port, **kwargs)
tcpsock = socket_create_tcp(host, port, connect_timeout: connect_timeout, **kwargs)
sock = WrappedSocket::TLS.new(tcpsock, context)
sock.sync_close = true
sock.hostname = fqdn if verify_fqdn && fqdn && sock.respond_to?(:hostname=)

log.trace "entering TLS handshake"
sock.connect
if connect_timeout
begin
Timeout.timeout(connect_timeout) { sock.connect }
rescue Timeout::Error
log.warn "timeout while connecting tls session", host: host
sock.close rescue nil
raise
end
else
sock.connect
end

begin
if verify_fqdn
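Review bot: The same `connect_timeout` value is spent twice in sequence, first in `socket_create_tcp(host, port, connect_timeout: connect_timeout, **kwargs)` and then in `Timeout.timeout(connect_timeout) { sock.connect }`, so a peer that is slow in both phases can hold the caller for close to twice the configured value. If the setting is meant as one overall budget, compute a deadline before the TCP connect and give the handshake only the remaining time; if it is meant per phase, say so in the parameter documentation. Two smaller points on the rescue branch: the `log.warn` call records `host: host` but not `port`, which makes the warning harder to attribute when several outputs target the same host, and `sock.close rescue nil` silently discards any close error, which is acceptable here but worth a one-line comment. The diff does not show a `require 'timeout'`, so confirm the file already loads it.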