When w3af tries to set a timeout for an SSL socket, a WantRead exception is raised by OpenSSL; the root issue is in OpenSSL code: pyca/pyopenssl#168
But it affects me, since I can't set a timeout for HTTPS connections: bc1ecf2
This sucks since it means that while an HTTPS connection is alive in the keep alive connection pool, its timeout will remain the same. This leads to some issues, since:
extended_urllib.py sets different timeouts based on errors and responses, which will be ignored because an old HTTPS connection, with an old timeout setting, will be reused.
The plugins might set specific timeouts for their requests, which will also be ignored.
I need to try to fix this issue at its root, but the workaround explained in pyca/pyopenssl#168 seems complex to get right.
Something that might work is to modify the code that chooses a connection from the connection pool. If there is a free connection with a timeout similar (or equal?) to the one specified in the request, then choose that connection, otherwise create a new one.
The bad thing about this connection selection process is that the keep alive handler will be less effective: more connections are going to be created, each connection will send / receive less traffic.
TODO
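
The connection-selection idea described in the issue above, as an added sketch that is not part of the original issue or of w3af's code: a pool that reuses a free connection only when its fixed timeout matches the requested one, and otherwise opens a new connection. `PooledConn`, `TimeoutAwarePool`, `connections_created` and the `tolerance` parameter are hypothetical names, and the host and timeout values are constructed.

```python
class PooledConn:
    """Stand-in for a keep-alive HTTPS connection whose timeout
    cannot be changed after creation (the limitation in the issue)."""

    def __init__(self, host, timeout):
        self.host = host
        self.timeout = timeout
        self.in_use = False


class TimeoutAwarePool:
    """Hypothetical pool: picks a free connection by host AND timeout."""

    def __init__(self, tolerance=0.0):
        self.tolerance = tolerance  # max accepted timeout difference, seconds
        self.created = 0            # how many new connections were opened
        self._conns = {}            # host -> list of PooledConn

    def get(self, host, timeout):
        for conn in self._conns.get(host, []):
            # Reuse only a free connection whose timeout is close enough.
            if not conn.in_use and abs(conn.timeout - timeout) <= self.tolerance:
                conn.in_use = True
                return conn
        # No match: open a new connection with the requested timeout.
        conn = PooledConn(host, timeout)
        conn.in_use = True
        self._conns.setdefault(host, []).append(conn)
        self.created += 1
        return conn

    def release(self, conn):
        conn.in_use = False


def connections_created(timeouts, tolerance):
    """Send sequential requests to one host and count new connections."""
    pool = TimeoutAwarePool(tolerance)
    for timeout in timeouts:
        pool.release(pool.get("target.example", timeout))
    return pool.created


if __name__ == "__main__":
    requests = [5, 5, 10, 5.5, 10]  # constructed per-request timeouts
    print("exact match:", connections_created(requests, 0.0))
    print("1s tolerance:", connections_created(requests, 1.0))
```

With a non-zero tolerance the request that asked for 5.5 seconds runs on the connection created with 5 seconds, so the tolerance trades timeout accuracy for fewer connections.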