authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-10-02 11:08:15 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-10-02 15:14:51 +0200
commitecbd2022209702063022eb4b5f79b25b8a38ca07 (patch)
treec569bb0dbcf9af7b87cfb438e0f73e9ea1981722
parent6137d5924d3b8909992d8f3edfb1d5800cf1336f (diff)
downloadgnutls-ecbd2022209702063022eb4b5f79b25b8a38ca07.tar.gz
the handshake function has a timeout value by default
-rw-r--r--lib/gnutls_dtls.c2
-rw-r--r--lib/gnutls_handshake.c20
-rw-r--r--lib/gnutls_int.h1
-rw-r--r--lib/gnutls_state.c4
4 files changed, 22 insertions, 5 deletions
diff --git a/lib/gnutls_dtls.c b/lib/gnutls_dtls.c
index ab02721a8d..c07f08f6eb 100644
--- a/lib/gnutls_dtls.c
+++ b/lib/gnutls_dtls.c
@@ -548,7 +548,7 @@ int _dtls_record_check(struct record_parameters_st *rp, uint64 * _seq)
* handshake will be aborted with %GNUTLS_E_TIMEDOUT.
*
* The DTLS protocol recommends the values of 1 sec and 60 seconds
- * respectively.
+ * respectively, and these are the default values.
*
* If the retransmission timeout is zero then the handshake will operate
* in a non-blocking way, i.e., return %GNUTLS_E_AGAIN.
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index f1c525ad27..28e4a7eafe 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2525,6 +2525,16 @@ int gnutls_handshake(gnutls_session_t session)
if (session->internals.priorities.protocol.algorithms == 0)
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
+ /* if no pull timeout has not been set, and a handshake timeout
+ * is set, disable it */
+ if (unlikely((session->internals.pull_timeout_func == NULL ||
+ (session->internals.pull_timeout_func == system_recv_timeout &&
+ session->internals.pull_func != system_read)) &&
+ session->internals.handshake_timeout_ms != 0)) {
+ _gnutls_debug_log("Cannot enforce the handshake timeout; there is no pull_timeout function set.\n");
+ session->internals.handshake_timeout_ms = 0;
+ }
+
gettime(&session->internals.dtls.handshake_start_time);
if (session->internals.handshake_timeout_ms &&
session->internals.handshake_endtime == 0)
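Review bot: The guard added before `gettime()` silently zeroes `handshake_timeout_ms` and reports it only through `_gnutls_debug_log`, so an application that installs a custom pull function without a matching pull-timeout callback ends up with no handshake timeout and no signal it can act on. Because that timeout is what bounds how long a stalled peer can keep a handshake open, the fallback should be stated in the gnutls_handshake_set_timeout() documentation changed in the next hunk, which currently says the TLS handshake "always has the default timeout value". The log text is also inaccurate for the second arm of the condition, where `pull_timeout_func` is `system_recv_timeout` but `pull_func` is not `system_read`, and the comment's double negative could read `/* if no usable pull timeout function has been set and a handshake timeout is set, disable the timeout */`. gnutls_handshake's body starts and ends outside the hunk.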
@@ -2584,10 +2594,14 @@ int gnutls_handshake(gnutls_session_t session)
* @session: is a #gnutls_session_t structure.
* @ms: is a timeout value in milliseconds
*
- * This function sets the timeout for the handshake process
+ * This function sets the timeout for the TLS handshake process
* to the provided value. Use an @ms value of zero to disable
* timeout, or %GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT for a reasonable
- * default value.
+ * default value. For the DTLS protocol, the more detailed
+ * gnutls_dtls_set_timeouts() is provided.
+ *
+ * The TLS handshake process always has the default timeout value since
+ * GnuTLS 3.4.0. To unset call this function with zero value.
*
* Since: 3.1.0
**/
@@ -2595,7 +2609,7 @@ void
gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
{
if (ms == GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT)
- ms = 40 * 1000;
+ ms = DEFAULT_HANDSHAKE_TIMEOUT_MS;
session->internals.handshake_timeout_ms = ms;
}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index deca5fe772..106cd73b25 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -167,6 +167,7 @@ typedef enum {
/* expire time for resuming sessions */
#define DEFAULT_EXPIRE_TIME 3600
+#define DEFAULT_HANDSHAKE_TIMEOUT_MS 40*1000
typedef enum transport_t {
GNUTLS_STREAM,
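Review bot: `DEFAULT_HANDSHAKE_TIMEOUT_MS` expands to the bare expression `40*1000`, so a later use next to an operator of equal or higher precedence (for example `x / DEFAULT_HANDSHAKE_TIMEOUT_MS` or `x % DEFAULT_HANDSHAKE_TIMEOUT_MS`) would not evaluate as the name suggests. The two uses in this commit are plain assignments and are unaffected, but the definition should be parenthesized: `#define DEFAULT_HANDSHAKE_TIMEOUT_MS (40*1000)`. A one-line comment in the style of the one above `DEFAULT_EXPIRE_TIME`, such as `/* default TLS (stream) handshake timeout, in milliseconds */`, would also record the unit and scope.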
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 61655312f1..fffe4a0584 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -393,8 +393,10 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
(*session)->internals.dtls.retrans_timeout_ms = 1000;
(*session)->internals.dtls.total_timeout_ms = 60000;
- } else
+ } else {
+ (*session)->internals.handshake_timeout_ms = DEFAULT_HANDSHAKE_TIMEOUT_MS;
(*session)->internals.transport = GNUTLS_STREAM;
+ }
if (flags & GNUTLS_NONBLOCK)
(*session)->internals.dtls.blocking = 0;