File 0208-inets-re-use-connect_timeout-option-in-TLS... of Package erlang

Overview Repositories Revisions Requests Users Attributes Meta

File 0208-inets-re-use-connect_timeout-option-in-TLS-upgrade.patch of Package erlang

From 98123fc35f868187f085d2e74f2079f2a7237dac Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Fri, 25 Mar 2022 15:49:55 +0100
Subject: [PATCH] inets: re-use connect_timeout option in TLS upgrade

- re-use connect_timeout during TLS upgrade of connection over proxy
- connect_timeout test in inets
- TLS upgrade client timeout test in ssl
---
 lib/inets/src/http_client/httpc_handler.erl |  6 ++--
 lib/inets/test/httpc_proxy_SUITE.erl        | 22 +++++++++++--
 lib/ssl/test/ssl_test_lib.erl               | 21 +++++++++++++
 lib/ssl/test/tls_api_SUITE.erl              | 34 +++++++++++++++++++++
 4 files changed, 77 insertions(+), 6 deletions(-)

diff --git a/lib/inets/src/http_client/httpc_handler.erl b/lib/inets/src/http_client/httpc_handler.erl
index c5993cc37c..b7f79a5ed3 100644
--- a/lib/inets/src/http_client/httpc_handler.erl
+++ b/lib/inets/src/http_client/httpc_handler.erl
@@ -1637,14 +1637,14 @@ host_header(_, URI) ->
 tls_upgrade(#state{status = 
 		       {ssl_tunnel, 
 			#request{settings = 
-				     #http_options{ssl = {_, TLSOptions0} = SocketType},
+				     #http_options{ssl = {_, TLSOptions0} = SocketType,
+						   connect_timeout = ConnectTimeout},
 				     address = {Host, _} = Address} = Request},
 		   session = #session{socket = TCPSocket} = Session0,
 		   options = Options} = State) ->
 
     TLSOptions = maybe_add_sni(Host, TLSOptions0),
-
-    case ssl:connect(TCPSocket, TLSOptions) of
+    case ssl:connect(TCPSocket, TLSOptions, ConnectTimeout) of
 	{ok, TLSSocket} ->
 	    ClientClose = httpc_request:is_client_closing(Request#request.headers),
 	    SessionType = httpc_manager:session_type(Options),
diff --git a/lib/inets/test/httpc_proxy_SUITE.erl b/lib/inets/test/httpc_proxy_SUITE.erl
index a962867ce1..d47d340b45 100644
--- a/lib/inets/test/httpc_proxy_SUITE.erl
+++ b/lib/inets/test/httpc_proxy_SUITE.erl
@@ -78,14 +78,15 @@ local_proxy_cases() ->
      http_not_modified_otp_6821].
 
 local_proxy_https_cases() ->
-    [https_connect_error].
+    [https_connect_error,
+     http_timeout].
 
 %%--------------------------------------------------------------------
 
 init_per_suite(Config0) ->
     case init_apps(suite_apps(), Config0) of
 	Config when is_list(Config) ->
-	    make_cert_files(dsa, "server-", Config),
+	    make_cert_files(Config),
 	    Config;
 	Other ->
 	    Other
@@ -445,6 +446,21 @@ https_connect_error(Config) when is_list(Config) ->
 	httpc:request(Method, Request, HttpOpts, Opts).
 
 %%--------------------------------------------------------------------
+http_timeout(doc) ->
+    ["Test http/https connect and upgrade timeouts."];
+http_timeout(Config) when is_list(Config) ->
+    Method = get,
+    URL = url("/index.html", Config),
+    Request = {URL,[]},
+    Timeout = timer:seconds(1),
+    HttpOpts1 = [{timeout, Timeout}, {connect_timeout, 0}],
+    {error,
+     {failed_connect,
+      [{to_address,{"localhost",8000}},
+       {inet,[inet],timeout}]}}
+	= httpc:request(Method, Request, HttpOpts1, []),
+    ok.
+%%--------------------------------------------------------------------
 %% Internal Functions ------------------------------------------------
 %%--------------------------------------------------------------------
 
@@ -489,7 +505,7 @@ app_start(App, Config) ->
 app_stop(App) ->
     application:stop(App).
 
-make_cert_files(Alg, Prefix, Config) ->
+make_cert_files(Config) ->
     ClientFileBase = filename:join([proplists:get_value(priv_dir, Config), "client"]),
     ServerFileBase = filename:join([proplists:get_value(priv_dir, Config), "server"]),
     GenCertData =
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index d5899d9711..2f7314adb8 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -51,6 +51,7 @@
          start_upgrade_server/1,
          start_upgrade_server_error/1,
          start_upgrade_client/1,
+         start_upgrade_client_error/1,
          start_client_error/1,
          start_server_error/1,
          start_server_transport_abuse_socket/1,
@@ -70,6 +71,7 @@
          run_upgrade_server/1,
          run_upgrade_client/1,
          run_upgrade_server_error/1,
+         run_upgrade_client_error/1,
          run_client_error/1,
          send_recv_result_active/3,
          wait_for_result/2,
@@ -1990,6 +1992,25 @@ run_upgrade_client(Opts) ->
 	    ssl:close(SslSocket)
     end.
 
+start_upgrade_client_error(Args) ->
+    Node = proplists:get_value(node, Args),
+    spawn_link(Node, ?MODULE, run_upgrade_client_error, [Args]).
+
+run_upgrade_client_error(Opts) ->
+    Host = proplists:get_value(host, Opts),
+    Port = proplists:get_value(port, Opts),
+    Pid = proplists:get_value(from, Opts),
+    Timeout = proplists:get_value(timeout, Opts, infinity),
+    TcpOptions = proplists:get_value(tcp_options, Opts),
+    SslOptions = proplists:get_value(ssl_options, Opts),
+    ?LOG("gen_tcp:connect(~p, ~p, ~p)",
+               [Host, Port, TcpOptions]),
+    {ok, Socket} = gen_tcp:connect(Host, Port, TcpOptions),
+    send_selected_port(Pid, Port, Socket),
+    ?LOG("ssl:connect(~p, ~p)", [Socket, SslOptions]),
+    Error = ssl:connect(Socket, SslOptions, Timeout),
+    Pid ! {self(), Error}.
+
 start_upgrade_server_error(Args) ->
     Node = proplists:get_value(node, Args),
     Result = spawn_link(Node,?MODULE, run_upgrade_server_error, [Args]),
diff --git a/lib/ssl/test/tls_api_SUITE.erl b/lib/ssl/test/tls_api_SUITE.erl
index 9bc1529a4a..47baeab371 100644
--- a/lib/ssl/test/tls_api_SUITE.erl
+++ b/lib/ssl/test/tls_api_SUITE.erl
@@ -47,6 +47,8 @@
          tls_upgrade_new_opts_with_sni_fun/1,
          tls_upgrade_with_timeout/0,
          tls_upgrade_with_timeout/1,
+         tls_upgrade_with_client_timeout/0,
+         tls_upgrade_with_client_timeout/1,
          tls_downgrade/0,
          tls_downgrade/1,
          tls_shutdown/0,
@@ -144,6 +146,7 @@ api_tests() ->
      tls_upgrade_new_opts,
      tls_upgrade_new_opts_with_sni_fun,
      tls_upgrade_with_timeout,
+     tls_upgrade_with_client_timeout,
      tls_downgrade,
      tls_shutdown,
      tls_shutdown_write,
@@ -315,6 +318,37 @@ tls_upgrade_with_timeout(Config) when is_list(Config) ->
     ssl_test_lib:close(Server),
     ssl_test_lib:close(Client).
 
+tls_upgrade_with_client_timeout() ->
+    [{doc,"Test upgrade with connect/3 and a timeout value"}].
+
+tls_upgrade_with_client_timeout(Config) when is_list(Config) ->
+    ClientOpts = ssl_test_lib:ssl_options(client_rsa_opts, Config),
+    ServerOpts = ssl_test_lib:ssl_options(server_rsa_opts, Config),
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    TcpOpts = [binary, {reuseaddr, true}],
+
+    Server = ssl_test_lib:start_upgrade_server([{node, ServerNode}, {port, 0},
+						{from, self()},
+						{mfa, {?MODULE,
+						       upgrade_result, []}},
+						{tcp_options,
+						 [{active, false} | TcpOpts]},
+						{ssl_options, [{verify, verify_peer} | ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+    Client = ssl_test_lib:start_upgrade_client_error([{node, ClientNode},
+						{port, Port},
+				   {host, Hostname},
+				   {from, self()},
+                                   {timeout, 0},
+				   {mfa, {?MODULE, upgrade_result, []}},
+				   {tcp_options, [binary]},
+				   {ssl_options,  [{verify, verify_peer},
+                                                   {server_name_indication, Hostname} | ClientOpts]}]),
+
+    ct:log("Testcase ~p, Client ~p  Server ~p", [self(), Client, Server]),
+    ok = ssl_test_lib:check_result(Client, {error, timeout}),
+    ssl_test_lib:close(Server).
+
 %%--------------------------------------------------------------------
 tls_downgrade() ->
       [{doc,"Test that you can downgarde an ssl connection to an tcp connection"}].
-- 
2.34.1

Places

File 0208-inets-re-use-connect_timeout-option-in-TLS-upgrade.patch of Package erlang

Places