diff options
author | Carlos Corbacho <carlos@strangeworlds.co.uk> | 2022-11-12 08:57:36 +0000 |
---|---|---|
committer | Asif Saif Uddin <auvipy@gmail.com> | 2022-11-12 19:27:27 +0600 |
commit | 07daef775c6807913e8debed2935fc59343b58dd (patch) | |
tree | 3908cbe4e6fef451a45236175b4eaff7791b4097 | |
parent | df89ff49793c5b9b418d5ecfb32894405acdd406 (diff) | |
download | py-amqp-07daef775c6807913e8debed2935fc59343b58dd.tar.gz |
Set an explicit timeout on SSL handshake to prevent hangs
If we do not set a timeout on the SSL handshake, this can cause an infinite
hang if something happens during this point to the remote end - this
has been seen with AWS MQ RabbitMQ during cluster maintenance triggering
a reboot, and causing hangs of any connection that is in the handshake
phase.
-rw-r--r-- | amqp/transport.py | 2 | ||||
-rw-r--r-- | t/unit/test_transport.py | 8 |
2 files changed, 10 insertions, 0 deletions
diff --git a/amqp/transport.py b/amqp/transport.py index 2761f09..c915977 100644 --- a/amqp/transport.py +++ b/amqp/transport.py @@ -401,6 +401,8 @@ class SSLTransport(_AbstractTransport): def _setup_transport(self): """Wrap the socket in an SSL object.""" self.sock = self._wrap_socket(self.sock, **self.sslopts) + # Explicitly set a timeout here to stop any hangs on handshake. + self.sock.settimeout(self.connect_timeout) self.sock.do_handshake() self._quick_recv = self.sock.read diff --git a/t/unit/test_transport.py b/t/unit/test_transport.py index e9c7114..b00072c 100644 --- a/t/unit/test_transport.py +++ b/t/unit/test_transport.py @@ -864,6 +864,14 @@ class test_SSLTransport: with pytest.raises(socket.timeout): self.t._read(64) + def test_handshake_timeout(self): + self.t.sock = Mock() + self.t._wrap_socket = Mock() + self.t._wrap_socket.return_value = self.t.sock + self.t.sock.do_handshake.side_effect = socket.timeout() + with pytest.raises(socket.timeout): + self.t._setup_transport() + class test_TCPTransport: class Transport(transport.TCPTransport): |