-If an SSL handshake takes 10 seconds, abort the connection from the server

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@1122 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
jbjohnso 2008-04-18 18:52:45 +00:00
parent 69f2a0db4a
commit 6a6be9a70b


@ -419,6 +419,7 @@ xCAT::NotifHandler::setup($$);
xCAT_monitoring::monitorctrl::start($$);
my $peername;
my $ssltimeout;
until ($quit) {
next unless my $cnnection=$listener->accept;
my $connection;
@ -430,13 +431,27 @@ until ($quit) {
if ($child == 0) {
$listener->close;
$connection = IO::Socket::SSL->start_SSL($cnnection,
SSL_key_file=>$xcatdir."/cert/server-key.pem",
SSL_cert_file=>$xcatdir."/cert/server-cert.pem",
SSL_ca_file=>$xcatdir."/cert/ca.pem",
SSL_server=>1,
SSL_verify_mode=> 1
);
$SIG{ALRM} = sub { $ssltimeout = 1; die; };
eval {
alarm(10);
$connection = IO::Socket::SSL->start_SSL($cnnection,
SSL_key_file=>$xcatdir."/cert/server-key.pem",
SSL_cert_file=>$xcatdir."/cert/server-cert.pem",
SSL_ca_file=>$xcatdir."/cert/ca.pem",
SSL_server=>1,
SSL_verify_mode=> 1
);
alarm(0);
};
undef $SIG{ALRM};
if ($@) { #SSL failure
close($cnnection);
exit 0;
}
unless ($connection) {
exit 0;
}
my $peerhost=undef;
my $peer=$connection->peer_certificate("owner");
if ($peer) {
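Review bot: Both exit paths after the new `eval` (`if ($@)` and `unless ($connection)`) leave without recording anything, and `$ssltimeout` is set in the ALRM handler but never read in the lines shown, so a timed-out handshake cannot be told apart from any other failure or attributed to a peer. Capturing the address before the handshake with `my $from = $cnnection->peerhost;` (assuming `$cnnection` is an IO::Socket::INET handle) and emitting `warn "SSL handshake from $from ".($ssltimeout ? "timed out" : "failed")."\n";` in both branches, or the equivalent through the daemon's own logger, would make repeated slow or failed handshakes visible to an operator. The timer also starts only after the fork, so each stalled client still holds a child process for up to 10 seconds; whether the number of concurrent children is capped is not visible here and is worth confirming. The enclosing `until ($quit)` loop and the `if ($child == 0)` block continue outside the hunk.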