From 354219d6b5fcbac0f73f9e84d658044c1cf024a1 Mon Sep 17 00:00:00 2001
From: Vladislav Yarmak
Date: Tue, 1 Mar 2022 01:39:53 +0200
Subject: [PATCH] proper TLS handshake timeout

---
 cmd/everssl/main.go | 4 ++++
 validator/concurrent.go | 19 ++++++++++---------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/cmd/everssl/main.go b/cmd/everssl/main.go
index bef2e65..7ab9666 100644
--- a/cmd/everssl/main.go
+++ b/cmd/everssl/main.go
@@ -23,6 +23,8 @@ var (
 	// global options
 	showVersion = flag.Bool("version", false, "show program version and exit")
 	timeout = flag.Duration("timeout", 5*time.Minute, "overall scan timeout")
+	oneTimeout = flag.Duration("1-timeout", 15*time.Second, "timeout for one connection")
+	retries = flag.Int("retries", 3, "validation retries")
 
 	// enumerator options
 	CFAPIToken = flag.String("cf-api-token", "", "Cloudflare API token")
@@ -113,6 +115,8 @@ func run() int {
 	var targetValidator validator.Validator = validator.NewConcurrentValidator(
 		*expireTreshold,
 		*rateLimitEvery,
+		*oneTimeout,
+		*retries,
 		*verify,
 	)
 
diff --git a/validator/concurrent.go b/validator/concurrent.go
index de981fe..ba9f8da 100644
--- a/validator/concurrent.go
+++ b/validator/concurrent.go
@@ -16,23 +16,22 @@ import (
 	"github.com/mysteriumnetwork/everssl/validator/result"
 )
 
-const (
-	Retries = 3
-	SingleAttemptTimeout = 5 * time.Second
-)
-
 type ConcurrentValidator struct {
 	limiter *rate.Limiter
 	expirationTreshold time.Duration
+	singleTimeout time.Duration
+	retries int
 	verify bool
 }
 
-func NewConcurrentValidator(expirationTreshold, rateEvery time.Duration, verify bool) *ConcurrentValidator {
+func NewConcurrentValidator(expirationTreshold, rateEvery, singleTimeout time.Duration, retries int, verify bool) *ConcurrentValidator {
 	limit := rate.Every(rateEvery)
 	return &ConcurrentValidator{
 		limiter: rate.NewLimiter(limit, 1),
 		expirationTreshold: expirationTreshold,
 		verify: verify,
+		singleTimeout: singleTimeout,
+		retries: retries,
 	}
 }
 
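Review bot: The help text `"validation retries"` on the new `retries` flag does not match how the value is used: in validator/concurrent.go the attempt loop runs while `i < v.retries`, so the flag is the total number of attempts and `-retries 1` means no retry at all. Either change the help, e.g. `retries = flag.Int("retries", 3, "connection attempts per target")`, or keep the wording and make the loop bound `v.retries+1`. The flag name `1-timeout`, starting with a digit and sitting next to `timeout`, is also hard to read; a name such as `attempt-timeout` would be clearer, with the caveat that renaming changes the CLI.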
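Review bot: `*oneTimeout` and `*retries` are passed to NewConcurrentValidator without any range check, and the constructor in validator/concurrent.go does not reject bad values either. A zero or negative `-retries` makes the attempt loop in validateSingle run zero times, and a non-positive `-1-timeout` yields a context that is already expired when `DialContext` and `HandshakeContext` receive it, so every target fails. Check the values after flag parsing and before this call, `if *retries < 1 || *oneTimeout <= 0 {` report the invalid option and return a non-zero code from run `}`. run() starts before and ends after this hunk.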
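Review bot: NewConcurrentValidator is exported and now takes five positional parameters, three of them `time.Duration`, but the hunk adds no doc comment, so a caller cannot tell which duration is which or that `retries` is the total attempt count consumed by the loop in validateSingle. Add a comment above the signature describing expirationTreshold, rateEvery (the interval handed to rate.Every), singleTimeout (the deadline applied to each dial and to the TLS handshake) and retries (the number of connection attempts; values below 1 disable dialing altogether). Removing the exported `Retries` and `SingleAttemptTimeout` constants is a breaking change for any external importer of this package; if that matters, keeping them as documented defaults that apply when a zero value is passed would preserve compatibility.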
@@ -64,13 +63,13 @@ func (v *ConcurrentValidator) validateSingle(ctx context.Context, target target.
 	)
 	dialer := fixedDialer.NewFixedDialer(target.Address, "", &net.Dialer{})
 
-	for i := 0; i < Retries; i++ {
+	for i := 0; i < v.retries; i++ {
 		err = v.limiter.Wait(ctx)
 		if err != nil {
 			return newValidationError(result.ConnectionError, fmt.Errorf("error waiting for ratelimit: %w", err))
 		}
 
-		ctx1, cl := context.WithTimeout(ctx, SingleAttemptTimeout)
+		ctx1, cl := context.WithTimeout(ctx, v.singleTimeout)
 		defer cl()
 		conn, err = dialer.DialContext(ctx1, "tcp", net.JoinHostPort(target.Domain, "443"))
 
@@ -109,7 +108,9 @@ func (v *ConcurrentValidator) validateSingle(ctx context.Context, target target.
 	})
 	defer tlsConn.Close()
 
-	err = tlsConn.HandshakeContext(ctx)
+	ctx1, cl := context.WithTimeout(ctx, v.singleTimeout)
+	defer cl()
+	err = tlsConn.HandshakeContext(ctx1)
 	if err != nil {
 		switch e := err.(type) {
 		case result.ValidationError:
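Review bot: `defer cl()` on the line after the changed `context.WithTimeout(ctx, v.singleTimeout)` sits inside the retry loop, so the cancel function of every attempt runs only when validateSingle returns, and with the constant replaced by `v.retries` the number of timers kept alive per call now grows with the `-retries` flag instead of being fixed. A dialed connection is not affected by cancelling its context afterwards, so the cancel can run as soon as the dial returns: keep `conn, err = dialer.DialContext(ctx1, "tcp", net.JoinHostPort(target.Domain, "443"))` and put `cl()` on the next line in place of the `defer`. This was already the case before the commit, but the commit touches the line. validateSingle begins before this hunk and continues past it.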
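Review bot: When the new per-handshake context expires, `HandshakeContext` closes the connection and returns the context's error (`context.DeadlineExceeded`), not a tls error, and the `switch e := err.(type)` right after it shows no case for that, so a slow or stalled handshake is presumably classified by whatever the default branch does rather than reported as a connection problem. Before the switch, map it the way the dial path in the previous hunk does: `if errors.Is(err, context.DeadlineExceeded) { return newValidationError(result.ConnectionError, fmt.Errorf("TLS handshake timed out: %w", err)) }` (the file needs the `errors` import if it does not already have it). The remaining switch cases and the rest of validateSingle are outside the hunk, so the existing mapping cannot be confirmed from here.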