[or-cvs] [torflow/master 06/92] XXX about ssl socket timeouts

[mikeperry at torproject.org]

Author: John M. Schanck <john at anomos.info>
Date: Sun, 20 Jun 2010 12:19:33 -0400
Subject: XXX about ssl socket timeouts
Commit: 4945ff7f52feb06eb6b0927fc0e950e6acea5d77

Also a couple minor changes:
-ctx.set_timeout sets the maximum lifetime of the ssl session - this has
 nothing to do with socket timeouts, so I removed it.
-Also removed set_verify_depth since we're not checking for validity,
 and 1 wasn't necessarily the right value for our purposes.
---
 NetworkScanners/ExitAuthority/soat.py |   13 +++++++------
 1 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/NetworkScanners/ExitAuthority/soat.py b/NetworkScanners/ExitAuthority/soat.py
index fad22b0..887062f 100755
--- a/NetworkScanners/ExitAuthority/soat.py
+++ b/NetworkScanners/ExitAuthority/soat.py
@@ -1723,15 +1723,16 @@ class SSLTest(SearchBasedTest):
 
     # specify the context
     ctx = SSL.Context(getattr(SSL,method))
-    ctx.set_timeout(int(read_timeout))
-    ctx.set_verify_depth(1)
+
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    # XXX: This creats a blocking socket with no timeout. Setting a timeout
+    # won't help because we can't differentiate a timeout from an
+    # SSL.WantReadError. An attacker can hang SoaT here by doing:
+    # nc -l -p 443, and waiting for us to connect.
+    s.settimeout(None)
 
     # open an ssl connection
-    # FIXME: Hrmmm. handshake considerations
     try:
-      s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-      # SSL has its own timeouts handled above. Undo ours from BindingSocket
-      s.settimeout(None) 
       c = SSL.Connection(ctx, s)
       c.set_connect_state()
       c.connect((address, 443)) # DNS OK.
-- 
1.7.1