diff options
author | Heiko Voigt <hvoigt@hvoigt.net> | 2019-03-14 17:53:07 +0100 |
---|---|---|
committer | Heiko Voigt <hvoigt@hvoigt.net> | 2019-04-29 16:28:50 +0000 |
commit | 2e54dbe86eac61e87782a138dbcc158cb6b10cd9 (patch) | |
tree | 0e2e813d54c7f4e51798868d870a65bc252d0848 /src/websockets/qsslserver_p.h | |
parent | 240f14a7a7b56c3eb6c2bdd34ab9c9ee4bca2990 (diff) | |
download | qtwebsockets-2e54dbe86eac61e87782a138dbcc158cb6b10cd9.tar.gz |
websocket server: add timeout to abort incomplete handshakes
A websocket connection can involve two types of handshakes. First an
optional SSL handshake and second the websocket handshake itself. Either
one can get stalled/stuck if the other side does not answer.
To be robust by default and for easy mitigation by users of websockets
let's introduce a handshake timeout. We introduce a default timeout of 10
seconds which can be customized by the newly introduced setHandshakeTimeout()
method.
One major location where connections got stuck was when the connection
queue was filled with connections waiting for the SSL handshake. Only
connections that have finished this handshake can be processed anyway so
we now add them to the queue once they are fully ready to start the
websocket handshake.
Task-number: QTBUG-63312
Task-number: QTBUG-57026
Change-Id: Ia286221f1d8da1000e98973496280fde16ed811d
Reviewed-by: Alf Crüger <a.crueger@baxi-innotech.de>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Diffstat (limited to 'src/websockets/qsslserver_p.h')
-rw-r--r-- | src/websockets/qsslserver_p.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/websockets/qsslserver_p.h b/src/websockets/qsslserver_p.h index 10f8fea..6283058 100644 --- a/src/websockets/qsslserver_p.h +++ b/src/websockets/qsslserver_p.h @@ -59,6 +59,8 @@ QT_BEGIN_NAMESPACE +class QSslSocket; + class QSslServer : public QTcpServer { Q_OBJECT @@ -76,10 +78,14 @@ Q_SIGNALS: void peerVerifyError(const QSslError &error); void newEncryptedConnection(); void preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator *authenticator); + void startedEncryptionHandshake(QSslSocket *socket); protected: void incomingConnection(qintptr socket) override; +private slots: + void socketEncrypted(); + private: QSslConfiguration m_sslConfiguration; }; |