From 07daef775c6807913e8debed2935fc59343b58dd Mon Sep 17 00:00:00 2001 From: Carlos Corbacho Date: Sat, 12 Nov 2022 08:57:36 +0000 Subject: Set an explicit timeout on SSL handshake to prevent hangs If we do not set a timeout on the SSL handshake, this can cause an infinite hang if something happens during this point to the remote end - this has been seen with AWS MQ RabbitMQ during cluster maintenance triggering a reboot, and causing hangs of any connection that is in the handshake phase. --- amqp/transport.py | 2 ++ t/unit/test_transport.py | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/amqp/transport.py b/amqp/transport.py index 2761f09..c915977 100644 --- a/amqp/transport.py +++ b/amqp/transport.py @@ -401,6 +401,8 @@ class SSLTransport(_AbstractTransport): def _setup_transport(self): """Wrap the socket in an SSL object.""" self.sock = self._wrap_socket(self.sock, **self.sslopts) + # Explicitly set a timeout here to stop any hangs on handshake. + self.sock.settimeout(self.connect_timeout) self.sock.do_handshake() self._quick_recv = self.sock.read diff --git a/t/unit/test_transport.py b/t/unit/test_transport.py index e9c7114..b00072c 100644 --- a/t/unit/test_transport.py +++ b/t/unit/test_transport.py @@ -864,6 +864,14 @@ class test_SSLTransport: with pytest.raises(socket.timeout): self.t._read(64) + def test_handshake_timeout(self): + self.t.sock = Mock() + self.t._wrap_socket = Mock() + self.t._wrap_socket.return_value = self.t.sock + self.t.sock.do_handshake.side_effect = socket.timeout() + with pytest.raises(socket.timeout): + self.t._setup_transport() + class test_TCPTransport: class Transport(transport.TCPTransport): -- cgit v1.2.1