From c39d7e7b2b80a23f8d4e1410bb1c2d6033f30af0 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 27 Nov 2018 19:46:05 +0100
Subject: [PATCH] Fix TLS handshake timeout not being enforced (#9381)

Follow-up to #9329
---
 app/lib/request.rb | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/app/lib/request.rb b/app/lib/request.rb
index 024fce88a..4a81773e3 100644
--- a/app/lib/request.rb
+++ b/app/lib/request.rb
@@ -4,6 +4,16 @@ require 'ipaddr'
 require 'socket'
 require 'resolv'
 
+# Monkey-patch the HTTP.rb timeout class to avoid using a timeout block
+# around the Socket#open method, since we use our own timeout blocks inside
+# that method
+class HTTP::Timeout::PerOperation
+  def connect(socket_class, host, port, nodelay = false)
+    @socket = socket_class.open(host, port)
+    @socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1) if nodelay
+  end
+end
+
 class Request
   REQUEST_TARGET = '(request-target)'
 
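Review bot: The reopened `HTTP::Timeout::PerOperation#connect` removes the connect deadline for every per-operation client in the process, not only for requests whose socket class applies its own timeout blocks as the comment describes. A client built elsewhere with the stock socket class would then open connections with no limit, so an unresponsive remote host could hold a worker indefinitely. I would state that precondition in the comment, e.g. `# Only safe while every HTTP client in this process uses a socket class that enforces its own open timeout`, or keep the library's timed path when `socket_class` is not that class. The override also copies the gem's method signature, so noting the http.rb version it was written against would help on upgrades; the socket class's `open` is not visible in this hunk.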
@@ -95,7 +105,11 @@ class Request
   end
 
   def timeout
-    { connect: nil, read: 10, write: 10 }
+    # We enforce a 1s timeout on DNS resolving, 10s timeout on socket opening
+    # and 5s timeout on the TLS handshake, meaning the worst case should take
+    # about 16s in total
+
+    { connect: 5, read: 10, write: 10 }
   end
 
   def http_client
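Review bot: The new comment in `timeout` reads as if a whole request is bounded at about 16s, but the three figures it adds up cover only DNS resolving, socket opening and the TLS handshake. `read: 10` and `write: 10` look like per-operation limits, so a peer that keeps sending slowly can presumably hold the request open much longer than that. I would reword the last clause to `# about 16s in total to establish the connection; read/write limits apply per operation, not to the whole request`. The 1s and 10s values are enforced outside this hunk, so the comment can drift from them; referring to named constants would avoid that if they exist. The blank line between the comment and the returned hash can go.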