| author | Neil Aspinall <mail@neilaspinall.co.uk> | 2017-12-19 19:45:42 +0000 | 
|---|---|---|
| committer | Andrew Svetlov <andrew.svetlov@gmail.com> | 2017-12-19 21:45:42 +0200 | 
| commit | f7686c1f5553b24e3307506a18e18f6544de94d3 (patch) | |
| tree | eb732724e966a23a7837e824d39a2f7181183798 /Lib/asyncio/events.py | |
| parent | 4b965930e8625f77cb0e821daf5cc40e85b45f84 (diff) | |
bpo-29970: Add timeout for SSL handshake in asyncio
10 seconds by default.
Diffstat (limited to 'Lib/asyncio/events.py')
| -rw-r--r-- | Lib/asyncio/events.py | 46 | 
1 files changed, 31 insertions, 15 deletions
| diff --git a/Lib/asyncio/events.py b/Lib/asyncio/events.py
index 974a4a2221..c9033c020f 100644
--- a/Lib/asyncio/events.py
+++ b/Lib/asyncio/events.py
@@ -250,16 +250,20 @@ class AbstractEventLoop:
     async def getnameinfo(self, sockaddr, flags=0):
         raise NotImplementedError
-    async def create_connection(self, protocol_factory, host=None, port=None,
-                                *, ssl=None, family=0, proto=0,
-                                flags=0, sock=None, local_addr=None,
-                                server_hostname=None):
-        raise NotImplementedError
-
-    async def create_server(self, protocol_factory, host=None, port=None,
-                            *, family=socket.AF_UNSPEC,
-                            flags=socket.AI_PASSIVE, sock=None, backlog=100,
-                            ssl=None, reuse_address=None, reuse_port=None):
+    async def create_connection(
+            self, protocol_factory, host=None, port=None,
+            *, ssl=None, family=0, proto=0,
+            flags=0, sock=None, local_addr=None,
+            server_hostname=None,
+            ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
+        raise NotImplementedError
+
+    async def create_server(
+            self, protocol_factory, host=None, port=None,
+            *, family=socket.AF_UNSPEC,
+            flags=socket.AI_PASSIVE, sock=None, backlog=100,
+            ssl=None, reuse_address=None, reuse_port=None,
+            ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
         """A coroutine which creates a TCP server bound to host and port.
         The return value is a Server object which can be used to stop
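Review bot: The new `ssl_handshake_timeout` keyword on `create_connection` and `create_server` defaults to `constants.SSL_HANDSHAKE_TIMEOUT` instead of a sentinel, so an implementation cannot tell an explicit value from the default and cannot reject a timeout passed together with `ssl=None`; the two unix variants in the next hunk have the same signature shape. Consider `ssl_handshake_timeout=None` in the abstract signatures, with the constant applied where the handshake is actually started (that code is not part of this diff, so check it against the concrete loops). `create_connection` also has no docstring in the visible lines, so the client-side meaning of the timeout is undocumented; a short one such as `"""Connect to host:port; ssl_handshake_timeout is the number of seconds to wait for the TLS handshake before aborting."""` would cover it. The docstring of `create_server` continues outside this hunk.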
@@ -294,16 +298,25 @@ class AbstractEventLoop:
         the same port as other existing endpoints are bound to, so long as
         they all set this flag when being created. This option is not
         supported on Windows.
+
+        ssl_handshake_timeout is the time in seconds that an SSL server
+        will wait for completion of the SSL handshake before aborting the
+        connection. Default is 10s, longer timeouts may increase vulnerability
+        to DoS attacks (see https://support.f5.com/csp/article/K13834)
         """
         raise NotImplementedError
-    async def create_unix_connection(self, protocol_factory, path=None, *,
-                                     ssl=None, sock=None,
-                                     server_hostname=None):
+    async def create_unix_connection(
+            self, protocol_factory, path=None, *,
+            ssl=None, sock=None,
+            server_hostname=None,
+            ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
         raise NotImplementedError
-    async def create_unix_server(self, protocol_factory, path=None, *,
-                                 sock=None, backlog=100, ssl=None):
+    async def create_unix_server(
+            self, protocol_factory, path=None, *,
+            sock=None, backlog=100, ssl=None,
+            ssl_handshake_timeout=constants.SSL_HANDSHAKE_TIMEOUT):
         """A coroutine which creates a UNIX Domain Socket server.
         The return value is a Server object, which can be used to stop
@@ -320,6 +333,9 @@ class AbstractEventLoop:
         ssl can be set to an SSLContext to enable SSL over the
         accepted connections.
+
+        ssl_handshake_timeout is the time in seconds that an SSL server
+        will wait for the SSL handshake to complete (defaults to 10s).
         """
         raise NotImplementedError |
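Review bot: The text added to the `create_server` docstring hard-codes "Default is 10s" while the signature takes its value from `constants.SSL_HANDSHAKE_TIMEOUT`, so the two can drift apart; the `create_unix_server` text in the following hunk repeats the literal. The docstring also does not say which values are accepted. Whether `None` or `0` disables the timeout matters, because this parameter is the slow-handshake DoS mitigation the text refers to and a caller should not be able to switch it off by accident. I would word it as `ssl_handshake_timeout is the time in seconds an SSL server waits for the handshake to complete before aborting the connection (default: constants.SSL_HANDSHAKE_TIMEOUT).`, add the valid range, and state the DoS rationale in the docstring itself so it does not depend on the vendor URL staying reachable. The `create_unix_server` docstring continues outside these hunks.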
