Issue when setting socket timeout for HTTPS #16908

andresriancho opened this issue Apr 13, 2018 · 0 comments
andresriancho commented Apr 13, 2018

When w3af tries to set a timeout for an SSL socket, a WantRead exception is raised by OpenSSL. The root issue is in OpenSSL code: pyca/pyopenssl#168

But it affects me, since I can't set a timeout for HTTPS connections:
bc1ecf2

This sucks since it means that while an HTTPS connection is alive in the keep alive connection pool, its timeout will remain the same. This leads to some issues, since:

  • extended_urllib.py sets different timeouts based on errors and responses, which will be ignored because an old HTTPS connection, with an old timeout setting, will be reused.
  • The plugins might set specific timeouts for their requests, which will also be ignored.

I need to try to fix this issue at its root, but the workaround explained in pyca/pyopenssl#168 seems complex to get right.

Something that might work is to modify the code that chooses a connection from the connection pool. If there is a free connection with a timeout similar (or equal?) to the one specified in the request, then choose that connection, otherwise create a new one.

The bad thing about this connection selection process is that the keep alive handler will be less effective: more connections are going to be created, each connection will send / receive less traffic.

TODO
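The connection-selection idea from the issue, as an added example that is not part of the original issue and is not w3af's code: a free connection is reused only when its fixed timeout is equal (`tolerance=0.0`) or similar (`tolerance>0`) to the requested one, otherwise a new one is created. `PooledConn`, `TimeoutAwarePool`, `simulate`, the host name and the timeout values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class PooledConn:
    host: str
    timeout: float        # fixed at creation; cannot be changed afterwards
    in_use: bool = False


@dataclass
class TimeoutAwarePool:
    tolerance: float = 0.0            # 0.0 = "equal", > 0 = "similar"
    conns: list = field(default_factory=list)
    created: int = 0
    reused: int = 0

    def acquire(self, host, timeout):
        # Only free connections to the same host whose timeout is close enough.
        candidates = [c for c in self.conns
                      if not c.in_use and c.host == host
                      and abs(c.timeout - timeout) <= self.tolerance]
        if candidates:
            # Prefer the connection whose timeout is nearest to the request.
            conn = min(candidates, key=lambda c: abs(c.timeout - timeout))
            self.reused += 1
        else:
            conn = PooledConn(host, timeout)
            self.conns.append(conn)
            self.created += 1
        conn.in_use = True
        return conn

    def release(self, conn):
        conn.in_use = False


# Constructed sequence of per-request timeouts (seconds), one request at a time.
SAMPLE_TIMEOUTS = [5.0, 5.0, 5.5, 8.0, 5.2, 8.0, 12.0, 5.0]


def simulate(tolerance, timeouts=SAMPLE_TIMEOUTS, host="target.example"):
    """Return (connections created, connections reused) for the sequence."""
    pool = TimeoutAwarePool(tolerance=tolerance)
    for t in timeouts:
        pool.release(pool.acquire(host, t))
    return pool.created, pool.reused
```

With "similar" matching, a request may run with the reused connection's timeout rather than the one it asked for, so the tolerance bounds how far off that can be; with "equal" matching the timeout is exact but more connections are created.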
