Merge pull request #5 from mysteriumnetwork/tls_handshake_timeout

proper TLS handshake timeout
mysteriumnetwork · Feb 28, 2022 · c1e5a4e · c1e5a4e
2 parents 26b35aa + 354219d
commit c1e5a4e
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 9 deletions.
diff --git a/cmd/everssl/main.go b/cmd/everssl/main.go
@@ -23,6 +23,8 @@ var (
 	// global options
 	showVersion = flag.Bool("version", false, "show program version and exit")
 	timeout     = flag.Duration("timeout", 5*time.Minute, "overall scan timeout")
+	oneTimeout  = flag.Duration("1-timeout", 15*time.Second, "timeout for one connection")
+	retries     = flag.Int("retries", 3, "validation retries")
 
 	// enumerator options
 	CFAPIToken = flag.String("cf-api-token", "", "Cloudflare API token")
@@ -113,6 +115,8 @@ func run() int {
 	var targetValidator validator.Validator = validator.NewConcurrentValidator(
 		*expireTreshold,
 		*rateLimitEvery,
+		*oneTimeout,
+		*retries,
 		*verify,
 	)
 

diff --git a/validator/concurrent.go b/validator/concurrent.go
@@ -16,23 +16,22 @@ import (
 	"github.com/mysteriumnetwork/everssl/validator/result"
 )
 
-const (
-	Retries              = 3
-	SingleAttemptTimeout = 5 * time.Second
-)
-
 type ConcurrentValidator struct {
 	limiter            *rate.Limiter
 	expirationTreshold time.Duration
+	singleTimeout      time.Duration
+	retries            int
 	verify             bool
 }
 
-func NewConcurrentValidator(expirationTreshold, rateEvery time.Duration, verify bool) *ConcurrentValidator {
+func NewConcurrentValidator(expirationTreshold, rateEvery, singleTimeout time.Duration, retries int, verify bool) *ConcurrentValidator {
 	limit := rate.Every(rateEvery)
 	return &ConcurrentValidator{
 		limiter:            rate.NewLimiter(limit, 1),
 		expirationTreshold: expirationTreshold,
 		verify:             verify,
+		singleTimeout:      singleTimeout,
+		retries:            retries,
 	}
 }
 
@@ -64,13 +63,13 @@ func (v *ConcurrentValidator) validateSingle(ctx context.Context, target target.
 	)
 	dialer := fixedDialer.NewFixedDialer(target.Address, "", &net.Dialer{})
 
-	for i := 0; i < Retries; i++ {
+	for i := 0; i < v.retries; i++ {
 		err = v.limiter.Wait(ctx)
 		if err != nil {
 			return newValidationError(result.ConnectionError, fmt.Errorf("error waiting for ratelimit: %w", err))
 		}
 
-		ctx1, cl := context.WithTimeout(ctx, SingleAttemptTimeout)
+		ctx1, cl := context.WithTimeout(ctx, v.singleTimeout)
 		defer cl()
 
 		conn, err = dialer.DialContext(ctx1, "tcp", net.JoinHostPort(target.Domain, "443"))
@@ -109,7 +108,9 @@ func (v *ConcurrentValidator) validateSingle(ctx context.Context, target target.
 	})
 	defer tlsConn.Close()
 
-	err = tlsConn.HandshakeContext(ctx)
+	ctx1, cl := context.WithTimeout(ctx, v.singleTimeout)
+	defer cl()
+	err = tlsConn.HandshakeContext(ctx1)
 	if err != nil {
 		switch e := err.(type) {
 		case result.ValidationError: