From b1150b6c55193ffe09e8cc027645ab559f14e6bb Mon Sep 17 00:00:00 2001 From: M Kelly Date: Thu, 26 Sep 2024 11:27:19 -0400 Subject: [PATCH] HPCC-32715 SSL_connect/accept should honor timeout provided Signed-off-by: M Kelly --- common/thorhelper/thorsoapcall.cpp | 2 +- esp/bindings/http/client/httpclient.cpp | 4 +- esp/bindings/http/platform/httpprot.cpp | 2 +- esp/clients/roxiecontrol.cpp | 4 +- fs/dafsclient/rmtclient.cpp | 25 ++++++++---- fs/dafsclient/rmtclient.hpp | 2 +- roxie/ccd/ccdlistener.cpp | 2 +- roxie/ccd/ccdprotocol.cpp | 4 +- system/jlib/jsocket.cpp | 2 - system/jlib/jsocket.hpp | 2 + system/mp/mpcomm.cpp | 11 ++++-- system/security/securesocket/securesocket.cpp | 39 ++++++++++++------- system/security/securesocket/securesocket.hpp | 4 +- thorlcr/msort/tsorts1.cpp | 13 ++++--- tools/testsocket/testsocket.cpp | 4 +- 15 files changed, 75 insertions(+), 45 deletions(-) diff --git a/common/thorhelper/thorsoapcall.cpp b/common/thorhelper/thorsoapcall.cpp index 4e9170e2ec3..9e9beaffb6f 100644 --- a/common/thorhelper/thorsoapcall.cpp +++ b/common/thorhelper/thorsoapcall.cpp @@ -2499,7 +2499,7 @@ class CWSCAsyncFor : implements IWSCAsyncFor, public CInterface, public CAsyncFo if (ssock) { checkTimeLimitExceeded(&remainingMS); - int status = ssock->secure_connect(); + int status = ssock->secure_connect(remainingMS); if (status < 0) { StringBuffer err; diff --git a/esp/bindings/http/client/httpclient.cpp b/esp/bindings/http/client/httpclient.cpp index 07829510c71..6b7ac9a4fcd 100644 --- a/esp/bindings/http/client/httpclient.cpp +++ b/esp/bindings/http/client/httpclient.cpp 
@@ -310,12 +310,14 @@ int CHttpClient::connect(StringBuffer& errmsg, bool forceNewConnection) m_isPersistentSocket = false; try { + CCycleTimer timer; m_socket = ISocket::connect_timeout(ep, m_connectTimeoutMs); if(strcmp(m_protocol.get(), "HTTPS") == 0) { ISecureSocket* securesocket = m_ssctx->createSecureSocket(m_socket, SSLogNormal, m_host.str()); - int res = securesocket->secure_connect(); + unsigned remainingMs = timer.remainingMs(m_connectTimeoutMs); + int res = securesocket->secure_connect(remainingMs); if(res < 0) { close(); diff --git a/esp/bindings/http/platform/httpprot.cpp b/esp/bindings/http/platform/httpprot.cpp index 5a821558e65..0ce20423a97 100644 --- a/esp/bindings/http/platform/httpprot.cpp +++ b/esp/bindings/http/platform/httpprot.cpp @@ -436,7 +436,7 @@ bool CHttpThread::onRequest() try { ESPLOG(LogMax, "Accepting from secure socket"); - res = secure_sock->secure_accept(logLevel); + res = secure_sock->secure_accept(); if(res < 0) return false; } diff --git a/esp/clients/roxiecontrol.cpp b/esp/clients/roxiecontrol.cpp index 6f772f431b7..c96aeac6fb8 100644 --- a/esp/clients/roxiecontrol.cpp +++ b/esp/clients/roxiecontrol.cpp @@ -123,6 +123,7 @@ IPropertyTree *sendRoxieControlAllNodes(const SocketEndpoint &ep, const char *ms static ISocket *createRoxieControlSocket(ISmartSocketFactory *conn, unsigned wait, unsigned connect_wait) { const SocketEndpoint &ep = conn->nextEndpoint(); + CCycleTimer timer; Owned sock = ISocket::connect_timeout(ep, connect_wait); if (conn->isTlsService()) { @@ -137,7 +138,8 @@ static ISocket *createRoxieControlSocket(ISmartSocketFactory *conn, unsigned wai if (!ssock) throw makeStringException(SECURE_CONNECTION_FAILURE, "failed creating secure socket for roxie control message"); - int status = ssock->secure_connect(); + unsigned remainingMs = timer.remainingMs(connect_wait); + int status = ssock->secure_connect(remainingMs); if (status < 0) { StringBuffer err; 
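Review bot: In CHttpThread::onRequest the call becomes `secure_accept()` with no timeout argument, so this HTTPS listener falls back to the interface default of `DEFAULT_CONNECT_TIME` (100 s) for the handshake. That bounds what used to be a `WAIT_FOREVER` wait, but a peer that completes the TCP connect and then stalls the TLS handshake can still hold a CHttpThread for the full 100 s. Passing a shorter, configurable value explicitly here would limit that. The `logLevel` argument is also dropped, and the creation of `secure_sock` is outside the hunk, so confirm that `logLevel` is now given to `createSecureSocket`; after this patch CSecureSocket logs according to its own `m_loglevel`.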
diff --git a/fs/dafsclient/rmtclient.cpp b/fs/dafsclient/rmtclient.cpp index 8274df03fe9..801781adf90 100644 --- a/fs/dafsclient/rmtclient.cpp +++ b/fs/dafsclient/rmtclient.cpp @@ -727,13 +727,16 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u //PrintStackReport(); } bool ok = true; + unsigned connecttimeoutMs = DEFAULT_CONNECT_TIME; try { + CCycleTimer timer; if (tm.timemon) { unsigned remaining; if (tm.timemon->timedout(&remaining)) THROWJSOCKEXCEPTION(JSOCKERR_connection_failed); + connecttimeoutMs = remaining; socket.setown(ISocket::connect_timeout(ep,remaining)); } else @@ -767,7 +770,8 @@ void CRemoteBase::connectSocket(SocketEndpoint &ep, unsigned connectTimeoutMs, u } else ssock.setown(createSecureSocket(socket.getClear(), nullptr)); - int status = ssock->secure_connect(); + unsigned remainingMs = timer.remainingMs(connecttimeoutMs); + int status = ssock->secure_connect(remainingMs); if (status < 0) throw createDafsException(DAFSERR_connection_failed, "Failure to establish secure connection"); socket.setown(ssock.getLink()); @@ -1128,7 +1132,7 @@ IDaFsConnection *createDaFsConnection(const SocketEndpoint &ep, DAFSConnectCfg c ///////////////////////// -ISocket *checkSocketSecure(ISocket *socket) +ISocket *checkSocketSecure(ISocket *socket, unsigned timeoutms = DEFAULT_CONNECT_TIME) { if (securitySettings.queryConnectMethod() == SSLNone) return LINK(socket); @@ -1144,7 +1148,7 @@ ISocket *checkSocketSecure(ISocket *socket) try { ssock.setown(createSecureSocket(LINK(socket), nullptr)); - int status = ssock->secure_connect(); + int status = ssock->secure_connect(timeoutms); if (status < 0) throw createDafsException(DAFSERR_connection_failed, "Failure to establish secure connection"); return ssock.getClear(); 
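Review bot: The new local `connecttimeoutMs` in CRemoteBase::connectSocket differs from the parameter `connectTimeoutMs` only by the case of one letter, which makes it easy to read or type the wrong one. A distinct name such as `unsigned tlsBudgetMs = DEFAULT_CONNECT_TIME;` would avoid that. In the branch without `tm.timemon` (its body is outside the hunk) the budget stays at the 100 s default. If that is intended, a comment such as `// no time monitor: bound the TLS handshake by the default connect time` would record it.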
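Review bot: The default argument `timeoutms = DEFAULT_CONNECT_TIME` is placed on the definition of checkSocketSecure, while the exported declaration in rmtclient.hpp (changed later in this patch) has none. Callers in other translation units must therefore always pass a timeout, and callers in this file only get the default if they appear after this definition. Putting the default on the header declaration, `extern DAFSCLIENT_API ISocket *checkSocketSecure(ISocket *socket, unsigned timeoutms = DEFAULT_CONNECT_TIME);`, and removing it from the definition gives every caller the same contract.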
@@ -1173,6 +1177,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms, const IPropertyTree if (isContainerized()) { + CCycleTimer timer; socket.setown(ISocket::connect_timeout(ep, timeoutms)); if (service && service->getPropBool("@tls")) @@ -1182,7 +1187,8 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms, const IPropertyTree try { ssock.setown(createSecureSocket(LINK(socket), service->queryProp("@issuer"))); - int status = ssock->secure_connect(); + unsigned remainingMs = timer.remainingMs(timeoutms); + int status = ssock->secure_connect(remainingMs); if (status < 0) throw createDafsException(DAFSERR_connection_failed, "Failure to establish secure connection to dafilesrv"); return ssock.getClear(); @@ -1214,12 +1220,15 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms, const IPropertyTree { if ( (securitySettings.queryConnectMethod() == SSLNone) || (securitySettings.queryConnectMethod() == SSLOnly) || (securitySettings.queryConnectMethod() == UnsecureAndSSL)) { + CCycleTimer timer; socket.setown(ISocket::connect_timeout(ep, timeoutms)); - return checkSocketSecure(socket); + unsigned remainingMs = timer.remainingMs(timeoutms); + return checkSocketSecure(socket, remainingMs); } // SSLFirst or UnsecureFirst ... + unsigned remainingMs; unsigned newtimeout = timeoutms; if (newtimeout > 5000) newtimeout = 5000; @@ -1229,10 +1238,12 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms, const IPropertyTree { conAttempts--; bool connected = false; + CCycleTimer timer; try { socket.setown(ISocket::connect_timeout(ep, newtimeout)); connected = true; + remainingMs = timer.remainingMs(newtimeout); newtimeout = timeoutms; } catch (IJSOCK_Exception *e) @@ -1257,7 +1268,7 @@ ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms, const IPropertyTree { try { - return checkSocketSecure(socket); + return checkSocketSecure(socket, remainingMs); } catch (IDAFS_Exception *e) { 
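Review bot: In the SSLFirst/UnsecureFirst path of connectDafs, `unsigned remainingMs;` is declared without a value and is only assigned inside the `try` after `connect_timeout` succeeds, yet the `@@ -1257` hunk passes it to `checkSocketSecure(socket, remainingMs)`. The guard around that call is outside the hunks, so a read of an indeterminate value cannot be ruled out from here; `unsigned remainingMs = timeoutms;` makes it safe regardless. The value is also computed from `newtimeout` while that is still capped at 5000, so on that attempt the handshake gets at most what is left of 5 s rather than of `timeoutms`. If that is intended, a comment should say so.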
@@ -1343,7 +1354,7 @@ unsigned getRemoteVersion(ISocket *origSock, StringBuffer &ver) if (!origSock) return 0; - Owned socket = checkSocketSecure(origSock); + Owned socket = checkSocketSecure(origSock, 10000); unsigned ret; MemoryBuffer sendbuf; diff --git a/fs/dafsclient/rmtclient.hpp b/fs/dafsclient/rmtclient.hpp index 765e8db2641..9b4688baa27 100644 --- a/fs/dafsclient/rmtclient.hpp +++ b/fs/dafsclient/rmtclient.hpp @@ -63,7 +63,7 @@ extern DAFSCLIENT_API int getDafsInfo(ISocket * socket, unsigned level, StringBu extern DAFSCLIENT_API void setDafsEndpointPort(SocketEndpoint &ep); extern DAFSCLIENT_API void setDafsLocalMountRedirect(const IpAddress &ip,const char *dir,const char *mountdir); extern DAFSCLIENT_API ISocket *connectDafs(SocketEndpoint &ep, unsigned timeoutms, const IPropertyTree *service); // NOTE: might alter ep.port if configured for multiple ports ... -extern DAFSCLIENT_API ISocket *checkSocketSecure(ISocket *socket); +extern DAFSCLIENT_API ISocket *checkSocketSecure(ISocket *socket, unsigned timeoutms); extern DAFSCLIENT_API unsigned short getActiveDaliServixPort(const IpAddress &ip); extern DAFSCLIENT_API unsigned getDaliServixVersion(const IpAddress &ip,StringBuffer &ver); extern DAFSCLIENT_API unsigned getDaliServixVersion(const SocketEndpoint &ep,StringBuffer &ver); diff --git a/roxie/ccd/ccdlistener.cpp b/roxie/ccd/ccdlistener.cpp index 85fd1241a4e..5caee579c85 100644 --- a/roxie/ccd/ccdlistener.cpp +++ b/roxie/ccd/ccdlistener.cpp @@ -142,7 +142,7 @@ class CascadeManager : public CInterface if (!ssock) throw makeStringException(ROXIE_TLS_ERROR, "Roxie CascadeManager failed creating secure socket for roxie control message"); - int status = ssock->secure_connect(); + int status = ssock->secure_connect(2000); if (status < 0) { StringBuffer err; diff --git a/roxie/ccd/ccdprotocol.cpp b/roxie/ccd/ccdprotocol.cpp index 71777e91896..7f5d6cdebe1 100644 --- a/roxie/ccd/ccdprotocol.cpp +++ b/roxie/ccd/ccdprotocol.cpp 
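Review bot: `checkSocketSecure(origSock, 10000)` in getRemoteVersion introduces a bare handshake timeout with no explanation. The same pattern appears elsewhere in this patch as `secure_connect(2000)` in CascadeManager, `secure_accept(10000)` in CMPConnectThread::run, and `secure_connect(1000)` / `secure_connect(100000)` in testsocket. None of these say why the value was chosen or how it relates to `DEFAULT_CONNECT_TIME`. Named constants with a short comment, for example `constexpr unsigned dafsVersionTlsTimeoutMs = 10000; // TLS handshake budget for version probe`, would make the budgets reviewable in one place.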
@@ -291,11 +291,11 @@ class ProtocolSocketListener : public ProtocolListener Owned ssock; try { - ssock.setown(secureContext->createSecureSocket(base)); int loglevel = SSLogMin; if (doTrace(traceSockets)) loglevel = SSLogMax; - int status = ssock->secure_accept(loglevel); + ssock.setown(secureContext->createSecureSocket(base, loglevel)); + int status = ssock->secure_accept(); if (status < 0) { // secure_accept may also DBGLOG() errors ... diff --git a/system/jlib/jsocket.cpp b/system/jlib/jsocket.cpp index 53c47476dd3..63e29721e75 100644 --- a/system/jlib/jsocket.cpp +++ b/system/jlib/jsocket.cpp @@ -113,8 +113,6 @@ #define CONNECT_TIMEOUT_REFUSED_WAIT 1000 // maximum to sleep on connect_timeout #define TRACE_SLOW_BLOCK_TRANSFER -#define DEFAULT_CONNECT_TIME (100*1000) // for connect_wait - #ifdef _DEBUG // #define SIMULATE_LOST_UDP_PACKETS #endif diff --git a/system/jlib/jsocket.hpp b/system/jlib/jsocket.hpp index 08524d55b72..ffc06121353 100644 --- a/system/jlib/jsocket.hpp +++ b/system/jlib/jsocket.hpp @@ -44,6 +44,8 @@ #define WAIT_FOREVER ((unsigned)-1) #endif +#define DEFAULT_CONNECT_TIME (100*1000) // for connect_wait + enum JSOCKET_ERROR_CODES { JSOCKERR_ok = 0, JSOCKERR_not_opened = -1, // accept,name,peer_name,read,write diff --git a/system/mp/mpcomm.cpp b/system/mp/mpcomm.cpp index 6a3d17658ff..d499b726135 100644 --- a/system/mp/mpcomm.cpp +++ b/system/mp/mpcomm.cpp 
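Review bot: `DEFAULT_CONNECT_TIME` moves into the public header jsocket.hpp as a plain `#define`, whereas `WAIT_FOREVER` just above it appears to sit inside a guard (the `#endif` is visible, the opening is outside the hunk). Every includer of jsocket.hpp now sees this generically named macro, so guarding it with `#ifndef DEFAULT_CONNECT_TIME` / `#endif` would avoid redefinition clashes. The trailing comment `// for connect_wait` is also stale now that the value is the default TLS handshake timeout; `// ms; default for connect_wait and secure_connect/secure_accept` would match its use.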
@@ -1099,16 +1099,19 @@ protected: friend class CMPPacketReader; } if (remaining<10000) remaining = 10000; // 10s min granularity for MP + + CCycleTimer timer; newsock.setown(ISocket::connect_timeout(remoteep,remaining)); #if defined(_USE_OPENSSL) if (parent->useTLS) { - Owned ssock = secureContextClient->createSecureSocket(newsock.getClear()); int tlsTraceLevel = SSLogMin; if (parent->mpTraceLevel >= MPVerboseMsgThreshold) tlsTraceLevel = SSLogMax; - int status = ssock->secure_connect(tlsTraceLevel); + Owned ssock = secureContextClient->createSecureSocket(newsock.getClear(), tlsTraceLevel); + tm.timedout(&remaining); + int status = ssock->secure_connect(remaining); if (status < 0) { ssock->close(); @@ -2567,11 +2570,11 @@ int CMPConnectThread::run() #if defined(_USE_OPENSSL) if (parent->useTLS) { - Owned ssock = secureContextServer->createSecureSocket(sock.getClear()); int tlsTraceLevel = SSLogMin; if (parent->mpTraceLevel >= MPVerboseMsgThreshold) tlsTraceLevel = SSLogMax; - int status = ssock->secure_accept(tlsTraceLevel); + Owned ssock = secureContextServer->createSecureSocket(sock.getClear(), tlsTraceLevel); + int status = ssock->secure_accept(10000); if (status < 0) { ssock->close(); diff --git a/system/security/securesocket/securesocket.cpp b/system/security/securesocket/securesocket.cpp index bb59476cf1b..f194bc94d57 100644 --- a/system/security/securesocket/securesocket.cpp +++ b/system/security/securesocket/securesocket.cpp @@ -16,6 +16,7 @@ ############################################################################## */ // Some ssl prototypes use char* where they should be using const char *, resulting in lots of spurious warnings +#include "jexcept.hpp" #ifndef _MSC_VER #pragma GCC diagnostic ignored "-Wwrite-strings" #endif 
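Review bot: The added `CCycleTimer timer;` is never read in this hunk, because the handshake budget is taken from `tm.timedout(&remaining)` instead, so it looks like a leftover that should be removed. The return value of `tm.timedout(&remaining)` is ignored, and the `remaining<10000` floor applied before the TCP connect is not re-applied. What `remaining` holds once the monitor has expired is not visible here, so `secure_connect` may be entered with a zero or near-zero budget. Either check the result and fail the connection attempt explicitly, or re-apply the floor with a comment stating which behaviour is intended. The enclosing function starts outside the hunk.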
@@ -167,8 +168,8 @@ class CSecureSocket : implements ISecureSocket, public CInterface CSecureSocket(ISocket* sock, ISecureSocketContextCallback * callback, bool verify = false, bool addres_match = false, CStringSet* m_peers = NULL, int loglevel=SSLogNormal, const char *fqdn = nullptr); ~CSecureSocket(); - virtual int secure_accept(int logLevel); - virtual int secure_connect(int logLevel); + virtual int secure_accept(unsigned timeoutMs); + virtual int secure_connect(unsigned timeoutMs); virtual int logPollError(unsigned revents, const char *rwstr); virtual int wait_read(unsigned timeoutms); @@ -674,16 +675,17 @@ bool CSecureSocket::verify_cert(X509* cert) } } -int CSecureSocket::secure_accept(int logLevel) +int CSecureSocket::secure_accept(unsigned timeoutMs) { checkForUpdatedContext(); int err; + CCycleTimer timer; while (true) { err = SSL_accept(m_ssl); if (err > 0) { - if (logLevel > SSLogNormal) + if (this->m_loglevel > SSLogNormal) DBGLOG("SSL accept ok, using %s", SSL_get_cipher(m_ssl)); if (m_verify) @@ -716,7 +718,7 @@ int CSecureSocket::secure_accept(int logLevel) // which can happen with port scan / VIP ... // NOTE: ret could also be SSL_ERROR_ZERO_RETURN if client closed // gracefully after ssl neg initiated ... - if ( (logLevel > SSLogNormal) || (ret != SSL_ERROR_SYSCALL) ) + if ( (this->m_loglevel > SSLogNormal) || (ret != SSL_ERROR_SYSCALL) ) { char errbuf[512]; ERR_error_string_n(ERR_get_error(), errbuf, 512); 
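Review bot: The re-declared `secure_accept(unsigned timeoutMs)` and `secure_connect(unsigned timeoutMs)` in CSecureSocket are marked `virtual` but not `override`. The parameter changed from `int logLevel` to `unsigned timeoutMs` with the same arity, so `override` would give a direct compile error at the declaration if an implementation drifts from ISecureSocket. Suggested: `int secure_accept(unsigned timeoutMs) override;` and `int secure_connect(unsigned timeoutMs) override;`.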
@@ -746,10 +748,13 @@ int CSecureSocket::secure_accept(int logLevel) #endif // JCSMORE this should really handle accept_cancel_pending if (PORT_CHECK_SSL_ACCEPT_ERROR != srtn) - handleError(ret, false, true, WAIT_FOREVER, "SSL_accept"); + { + unsigned remainingMs = timer.remainingMs(timeoutMs); + handleError(ret, false, true, remainingMs, "SSL_accept"); + } else { - if ((logLevel <= SSLogNormal) && (srtn == PORT_CHECK_SSL_ACCEPT_ERROR)) + if ((this->m_loglevel <= SSLogNormal) && (srtn == PORT_CHECK_SSL_ACCEPT_ERROR)) return srtn; char errbuf[512]; ERR_error_string_n(errnum, errbuf, 512); @@ -770,6 +775,7 @@ void CSecureSocket::handleError(int ssl_err, bool writing, bool wait, unsigned t { // if !wait, then we only perform ssl_err checking, we do not wait_read/wait_write or timeout int rc = 0; + int sockErr = 0; switch (ssl_err) { case SSL_ERROR_ZERO_RETURN: @@ -791,7 +797,7 @@ void CSecureSocket::handleError(int ssl_err, bool writing, bool wait, unsigned t } case SSL_ERROR_SYSCALL: { - int sockErr = SOCKETERRNO(); + sockErr = SOCKETERRNO(); if (sockErr == EAGAIN || sockErr == EWOULDBLOCK) { if (wait) @@ -810,7 +816,7 @@ void CSecureSocket::handleError(int ssl_err, bool writing, bool wait, unsigned t char errbuf[512]; ERR_error_string_n(ssl_err, errbuf, 512); ERR_clear_error(); - VStringBuffer errmsg("%s error %d - %s", opStr, ssl_err, errbuf); + VStringBuffer errmsg("%s error %d [%d] - %s", opStr, ssl_err, sockErr, errbuf); if (m_loglevel >= SSLogMax) DBGLOG("Warning: %s", errmsg.str()); THROWJSOCKEXCEPTION_MSG(ssl_err, errmsg); @@ -831,7 +837,7 @@ void CSecureSocket::handleError(int ssl_err, bool writing, bool wait, unsigned t } } -int CSecureSocket::secure_connect(int logLevel) +int CSecureSocket::secure_connect(unsigned timeoutMs) { if (m_fqdn.length() > 0) { 
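Review bot: secure_accept now passes `timer.remainingMs(timeoutMs)` to handleError on each retry, but nothing documents that `timeoutMs` bounds the whole handshake rather than each individual wait, or what the caller sees once the budget is used up. handleError's waiting branch is outside this hunk, so it cannot be confirmed from here whether a zero `remainingMs` raises a timeout or returns and loops on `SSL_accept` again. A short comment above the function should state the unit, that the budget covers the full handshake, how `WAIT_FOREVER` is treated, and how expiry is reported. The existing `// JCSMORE this should really handle accept_cancel_pending` is left unaddressed by this change.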
@@ -839,7 +845,6 @@ int CSecureSocket::secure_connect(int logLevel) SSL_set_tlsext_host_name(m_ssl, m_fqdn.str()); } - unsigned timeoutMs = 60*1000; // more than enough, used to be infinite CCycleTimer timer; while (true) { @@ -851,7 +856,7 @@ int CSecureSocket::secure_connect(int logLevel) handleError(ssl_err, true, true, remainingMs, "SSL_connect"); } - if (logLevel > SSLogNormal) + if (this->m_loglevel > SSLogNormal) DBGLOG("SSL connect ok, using %s", SSL_get_cipher (m_ssl)); // Currently only do fake verify - simply logging the subject and issuer @@ -2221,12 +2226,14 @@ class CSecureSmartSocketFactory : public CSmartSocketFactory SocketEndpoint ep; SmartSocketEndpoint *ss = nullptr; Owned ssock; + CCycleTimer timer; Owned sock = connect_sock(timeoutms, ss, ep); try { ssock.setown(secureContext->createSecureSocket(sock.getClear())); // secure_connect may also DBGLOG() errors ... - int res = ssock->secure_connect(); + unsigned remainingMs = timer.remainingMs(timeoutms); + int res = ssock->secure_connect(remainingMs); if (res < 0) throw MakeStringException(-1, "connect_timeout : Failed to establish secure connection"); } @@ -2279,11 +2286,13 @@ class CSingletonSecureSocketConnection: public CSingletonSocketConnection bool connect(unsigned timeoutms) override { + CCycleTimer timer; bool srtn = CSingletonSocketConnection::connect(timeoutms); if (srtn) { Owned ssock = secureContextClient->createSecureSocket(sock.getClear(), tlsLogLevel); - int status = ssock->secure_connect(tlsLogLevel); + unsigned remainingMs = timer.remainingMs(timeoutms); + int status = ssock->secure_connect(remainingMs); if (status < 0) { ssock->close(); @@ -2304,7 +2313,7 @@ class CSingletonSecureSocketConnection: public CSingletonSocketConnection if (srtn) { Owned ssock = secureContextServer->createSecureSocket(sock.getClear(), tlsLogLevel); - int status = ssock->secure_accept(tlsLogLevel); + int status = ssock->secure_accept(timeoutms); if (status < 0) { ssock->close(); 
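Review bot: In the `@@ -2304` hunk of CSingletonSecureSocketConnection, `secure_accept(timeoutms)` receives the full `timeoutms`, although the accept that set `srtn` has presumably already spent part of it. The combined call can therefore take up to roughly twice the caller's budget. The `connect` override in the preceding hunk uses a `CCycleTimer` for exactly this; the accept path should do the same, with `CCycleTimer timer;` before the base call and `ssock->secure_accept(timer.remainingMs(timeoutms));`. The function signature is outside the hunk, so `timeoutms` is assumed to be the accept timeout parameter.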
diff --git a/system/security/securesocket/securesocket.hpp b/system/security/securesocket/securesocket.hpp index 415040e2a3e..38d3b0e5925 100644 --- a/system/security/securesocket/securesocket.hpp +++ b/system/security/securesocket/securesocket.hpp @@ -50,8 +50,8 @@ enum SecureSocketType // One instance per connection interface ISecureSocket : implements ISocket { - virtual int secure_accept(int logLevel=1) = 0; - virtual int secure_connect(int logLevel=1) = 0; + virtual int secure_accept(unsigned timeoutMS = DEFAULT_CONNECT_TIME) = 0; + virtual int secure_connect(unsigned timeoutMS = DEFAULT_CONNECT_TIME) = 0; virtual StringBuffer& get_ssl_version(StringBuffer& ver) = 0; }; diff --git a/thorlcr/msort/tsorts1.cpp b/thorlcr/msort/tsorts1.cpp index 2e5269d24dc..12a33af114f 100644 --- a/thorlcr/msort/tsorts1.cpp +++ b/thorlcr/msort/tsorts1.cpp @@ -64,16 +64,19 @@ class CMergeReadStream : public CSimpleInterface, public IRowStream SocketEndpoint mergeep = targetep; mergeep.port+=SOCKETSERVERINC; - Owned socket = ISocket::connect_wait(mergeep,CONNECTTIMEOUT*1000); + unsigned timeoutMs = CONNECTTIMEOUT*1000; + CCycleTimer timer; + Owned socket = ISocket::connect_wait(mergeep, timeoutMs); #if defined(_USE_OPENSSL) if (secureContextClient) { - Owned ssock = secureContextClient->createSecureSocket(socket.getClear()); int tlsTraceLevel = SSLogMin; if (sortTraceLevel >= ExtraneousMsgThreshold) tlsTraceLevel = SSLogMax; - int status = ssock->secure_connect(tlsTraceLevel); + Owned ssock = secureContextClient->createSecureSocket(socket.getClear(), tlsTraceLevel); + unsigned remainingMs = timer.remainingMs(timeoutMs); + int status = ssock->secure_connect(remainingMs); if (status < 0) { ssock->close(); 
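Review bot: Replacing `int logLevel=1` with `unsigned timeoutMS` in the same position of ISecureSocket means any caller not touched by this patch that still passes a log level, e.g. `secure_accept(SSLogMax)`, keeps compiling. It silently becomes a handshake timeout equal to that enum's small numeric value in milliseconds. A tree-wide search for remaining arguments to both methods, including out-of-tree code that uses or implements ISecureSocket, is needed before merging. The parameter is spelled `timeoutMS` here but `timeoutMs` in CSecureSocket; use one spelling and add a comment such as `// timeoutMs: total time allowed for the TLS handshake, in milliseconds` so the new meaning is visible at the interface.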
@@ -368,12 +371,12 @@ protected: friend class CSortMerge; #if defined(_USE_OPENSSL) if (slave.queryTLS()) { - Owned ssock = secureContextServer->createSecureSocket(socket.getClear()); int tlsTraceLevel = SSLogMin; unsigned sortTraceLevel = slave.queryTraceLevel(); if (sortTraceLevel >= ExtraneousMsgThreshold) tlsTraceLevel = SSLogMax; - int status = ssock->secure_accept(tlsTraceLevel); + Owned ssock = secureContextServer->createSecureSocket(socket.getClear(), tlsTraceLevel); + int status = ssock->secure_accept(); if (status < 0) { ssock->close(); diff --git a/tools/testsocket/testsocket.cpp b/tools/testsocket/testsocket.cpp index ebbaff42aa4..3047a5a0e0c 100644 --- a/tools/testsocket/testsocket.cpp +++ b/tools/testsocket/testsocket.cpp @@ -564,7 +564,7 @@ int doSendQuery(const char * ip, unsigned port, const char * base) if (!persistSecureContext) persistSecureContext.setown(createSecureSocketContext(ClientSocket)); persistSSock.setown(persistSecureContext->createSecureSocket(persistSocket.getClear(), SSLogNormal, ip)); - int res = persistSSock->secure_connect(); + int res = persistSSock->secure_connect(1000); if (res < 0) throw MakeStringException(-1, "doSendQuery : Failed to establish secure connection"); persistSocket.setown(persistSSock.getClear()); @@ -584,7 +584,7 @@ int doSendQuery(const char * ip, unsigned port, const char * base) #ifdef _USE_OPENSSL secureContext.setown(createSecureSocketContext(ClientSocket)); Owned ssock = secureContext->createSecureSocket(socket.getClear(), SSLogNormal, ip); - int res = ssock->secure_connect(); + int res = ssock->secure_connect(100000); if (res < 0) throw MakeStringException(-1, "doSendQuery : Failed to establish secure connection"); socket.setown(ssock.getClear());