-
Notifications
You must be signed in to change notification settings - Fork 306
HPCC-34165 HTTPLIB add timeout to SSL_connect/accept #19895
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: candidate-9.10.x
Are you sure you want to change the base?
Conversation
Jira Issue: https://hpccsystems.atlassian.net//browse/HPCC-34165 Jirabot Action Result: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
Adds timeout support to SSL handshakes by making the socket non-blocking and polling until SSL_connect
/SSL_accept
complete or time out.
- Introduces
SSL_handleWait
andSSL_timedAcceptorConnect
for timed SSL handshakes. - Updates
ssl_new
to toggle non-blocking mode around the handshake. - Integrates the new timed handshake in both
SSLServer
andSSLClient
.
Comments suppressed due to low confidence (2)
system/httplib/httplib.h:5491
- [nitpick] Function name SSL_timedAcceptorConnect implies only accept but is also used for connect. Consider renaming to SSL_timedHandshake or similar to reflect its dual role.
inline int SSL_timedAcceptorConnect(SSL *ssl, socket_t sock, SSLMethod method)
system/httplib/httplib.h:5491
- No tests were added to verify the new handshake timeout behavior. Consider adding unit or integration tests that trigger both success and timeout paths.
inline int SSL_timedAcceptorConnect(SSL *ssl, socket_t sock, SSLMethod method)
|
||
enum SSLMethod { SSL_ACCEPT_METHOD, SSL_CONNECT_METHOD }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The enum SSLMethod is declared in the global scope and could collide; consider moving it into the detail
namespace to avoid polluting the public API.
enum SSLMethod { SSL_ACCEPT_METHOD, SSL_CONNECT_METHOD }; | |
namespace detail { | |
enum SSLMethod { SSL_ACCEPT_METHOD, SSL_CONNECT_METHOD }; | |
} // namespace detail |
Copilot uses AI. Check for mistakes.
|
||
enum SSLMethod { SSL_ACCEPT_METHOD, SSL_CONNECT_METHOD }; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add comments or docstrings for SSL_handleWait to clarify its behavior, parameters (especially errCode vs. sslErr), and return semantics.
/** | |
* Handles SSL/TLS wait conditions for read or write operations. | |
* | |
* This function checks the SSL error code and waits for the socket to become | |
* ready for reading or writing, based on the error condition. It uses a | |
* timeout mechanism to avoid indefinite blocking. | |
* | |
* @param ssl A pointer to the SSL object representing the connection. | |
* @param sock The socket file descriptor associated with the SSL connection. | |
* @param errCode The error code returned by a previous SSL operation. | |
* This is used to determine the type of wait condition. | |
* @param sslErr A pointer to an integer where the SSL error code will be stored. | |
* This is an output parameter that provides additional error details. | |
* @param remainingMs The maximum time to wait, in milliseconds, for the socket to | |
* become ready for the required operation. | |
* @return Returns 0 if the socket is ready, -1 if an error occurs, or | |
* a positive value if the timeout expires. | |
*/ |
Copilot uses AI. Check for mistakes.
Signed-off-by: M Kelly <mark.kelly+copilot@lexisnexisrisk.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
Adds timeout support for SSL handshakes in HTTPLIB by switching to non-blocking I/O and polling.
- Introduces
SSL_handleWait
andSSL_timedAcceptorConnect
for timedSSL_accept
/SSL_connect
- Updates
detail::ssl_new
to perform non-blocking handshake and restore blocking mode - Modifies server and client code to use the timed handshake routine
Comments suppressed due to low confidence (2)
system/httplib/httplib.h:5491
- [nitpick] The function name SSL_timedAcceptorConnect is ambiguous since it handles both accept and connect. Consider renaming it to something more general like SSL_timedHandshake.
inline int SSL_timedAcceptorConnect(SSL *ssl, socket_t sock, SSLMethod method)
system/httplib/httplib.h:5463
- New handshake timeout helpers were added but there are no tests covering these new code paths. Consider adding unit or integration tests for SSL handshake timeouts.
inline int SSL_handleWait(SSL *ssl, socket_t sock, int errCode, int *sslErr, unsigned remainingMs)
enum SSLMethod { SSL_ACCEPT_METHOD, SSL_CONNECT_METHOD }; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The SSLMethod enum is declared in the global namespace, which can pollute the project namespace. Consider moving SSLMethod and its helper functions into the detail namespace to encapsulate implementation details.
enum SSLMethod { SSL_ACCEPT_METHOD, SSL_CONNECT_METHOD }; | |
namespace detail { | |
enum SSLMethod { SSL_ACCEPT_METHOD, SSL_CONNECT_METHOD }; | |
} // namespace detail |
Copilot uses AI. Check for mistakes.
|
||
inline int SSL_timedAcceptorConnect(SSL *ssl, socket_t sock, SSLMethod method) | ||
{ | ||
unsigned timeoutMs = 60*1000; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[nitpick] Using a hardcoded magic number for the handshake timeout makes it inflexible. Extract this into a named constant or configuration parameter so it can be adjusted without code changes.
unsigned timeoutMs = 60*1000; | |
unsigned timeoutMs = CPPHTTPLIB_HANDSHAKE_TIMEOUT_MS; |
Copilot uses AI. Check for mistakes.
@jakesmith does this look correct ? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that httplib.h explicitly warns that they do not support non-blocking:
https://github.com/yhirose/cpp-httplib#:~:text=Important,that%20you%20want.
Should we instead be switching to something more robust?
https://github.com/microsoft/cpprestsdk - not actively maintained though, but simple, fairly close to httplib in use I think
https://github.com/boostorg/beast - more widely used and maintained, but looks like requires quite a lot of boiler plate code
Should we add this ? |
Type of change:
Checklist:
Smoketest:
Testing: