diff options
| author | Heiko Voigt <hvoigt@hvoigt.net> | 2019-03-14 17:53:07 +0100 |
|---|---|---|
| committer | Heiko Voigt <hvoigt@hvoigt.net> | 2019-04-29 16:28:50 +0000 |
| commit | 2e54dbe86eac61e87782a138dbcc158cb6b10cd9 (patch) | |
| tree | 0e2e813d54c7f4e51798868d870a65bc252d0848 /src/websockets/qsslserver.cpp | |
| parent | 240f14a7a7b56c3eb6c2bdd34ab9c9ee4bca2990 (diff) | |
| download | qtwebsockets-2e54dbe86eac61e87782a138dbcc158cb6b10cd9.tar.gz | |
websocket server: add timeout to abort incomplete handshakes
A websocket connection can involve two types of handshakes. First an
optional SSL handshake and second the websocket handshake itself. Either
one can get stalled/stuck if the other side does not answer.
To be robust by default and for easy mitigation by users of websockets
let's introduce a handshake timeout. We introduce a default timeout of 10
seconds which can be customized by the newly introduced setHandshakeTimeout()
method.
One major location where connections got stuck was when the connection
queue was filled with connections waiting for the SSL handshake. Only
connections that have finished this handshake can be processed anyway so
we now add them to the queue once they are fully ready to start the
websocket handshake.
Task-number: QTBUG-63312
Task-number: QTBUG-57026
Change-Id: Ia286221f1d8da1000e98973496280fde16ed811d
Reviewed-by: Alf Crüger <a.crueger@baxi-innotech.de>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/websockets/qsslserver.cpp')
| -rw-r--r-- | src/websockets/qsslserver.cpp | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/src/websockets/qsslserver.cpp b/src/websockets/qsslserver.cpp index 586e520..ec645c9 100644 --- a/src/websockets/qsslserver.cpp +++ b/src/websockets/qsslserver.cpp @@ -118,11 +118,11 @@ void QSslServer::incomingConnection(qintptr socket) connect(pSslSocket, QOverload<const QList<QSslError>&>::of(&QSslSocket::sslErrors), this, &QSslServer::sslErrors); connect(pSslSocket, &QSslSocket::encrypted, - this, &QSslServer::newEncryptedConnection); + this, &QSslServer::socketEncrypted); connect(pSslSocket, &QSslSocket::preSharedKeyAuthenticationRequired, this, &QSslServer::preSharedKeyAuthenticationRequired); - addPendingConnection(pSslSocket); + Q_EMIT startedEncryptionHandshake(pSslSocket); pSslSocket->startServerEncryption(); } else { @@ -131,4 +131,15 @@ void QSslServer::incomingConnection(qintptr socket) } } +void QSslServer::socketEncrypted() +{ + QSslSocket *pSslSocket = qobject_cast<QSslSocket *>(sender()); + + // We do not add the connection until the encryption handshake is complete. + // In case the handshake is aborted, we would be left with a stale + // connection in the queue otherwise. + addPendingConnection(pSslSocket); + Q_EMIT newEncryptedConnection(); +} + QT_END_NAMESPACE |