From 6a6be9a70ba335ca630ef33cb25a92c09f109b99 Mon Sep 17 00:00:00 2001 From: jbjohnso Date: Fri, 18 Apr 2008 18:52:45 +0000 Subject: [PATCH] -If an SSL handshake takes 10 seconds, abort the connection from the server git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@1122 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- xCAT-server-2.0/sbin/xcatd | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/xCAT-server-2.0/sbin/xcatd b/xCAT-server-2.0/sbin/xcatd index 9812bcfd0..994e994ea 100755 --- a/xCAT-server-2.0/sbin/xcatd +++ b/xCAT-server-2.0/sbin/xcatd @@ -419,6 +419,7 @@ xCAT::NotifHandler::setup($$); xCAT_monitoring::monitorctrl::start($$); my $peername; +my $ssltimeout; until ($quit) { next unless my $cnnection=$listener->accept; my $connection; @@ -430,13 +431,27 @@ until ($quit) { if ($child == 0) { $listener->close; - $connection = IO::Socket::SSL->start_SSL($cnnection, - SSL_key_file=>$xcatdir."/cert/server-key.pem", - SSL_cert_file=>$xcatdir."/cert/server-cert.pem", - SSL_ca_file=>$xcatdir."/cert/ca.pem", - SSL_server=>1, - SSL_verify_mode=> 1 - ); + + $SIG{ALRM} = sub { $ssltimeout = 1; die; }; + eval { + alarm(10); + $connection = IO::Socket::SSL->start_SSL($cnnection, + SSL_key_file=>$xcatdir."/cert/server-key.pem", + SSL_cert_file=>$xcatdir."/cert/server-cert.pem", + SSL_ca_file=>$xcatdir."/cert/ca.pem", + SSL_server=>1, + SSL_verify_mode=> 1 + ); + alarm(0); + }; + undef $SIG{ALRM}; + if ($@) { #SSL failure + close($cnnection); + exit 0; + } + unless ($connection) { + exit 0; + } my $peerhost=undef; my $peer=$connection->peer_certificate("owner"); if ($peer) {
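Review bot: Both the timeout path and an ordinary handshake failure end in a silent `exit 0` (the `if ($@)` and `unless ($connection)` branches), and `$ssltimeout`, which the ALRM handler sets, is never read in the visible lines. A client that stalls or fails handshakes against forked children therefore leaves no trace for an operator. Before exiting, log the peer address and whether `$ssltimeout` was set, using whatever logging xcatd already has, and consider a non-zero exit status on these paths. Separately, `alarm(0)` is only reached when `start_SSL` returns normally, so a `die` from any other cause leaves the timer armed while `undef $SIG{ALRM}` restores the default action; adding `alarm(0);` directly after the `eval` block closes that gap. The `if ($child == 0)` block and the `until ($quit)` loop continue outside the hunk.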