ref: 0e53c2f788723b81a3e1316d6ad97946d065b043
parent: 8dfa28066d7fae7912fe62117cca0e83ed597650
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Apr 4 07:41:07 EDT 2026
tlssrv: add -T timeout option to prevent connection hogging
--- a/sys/man/8/tlssrv
+++ b/sys/man/8/tlssrv
@@ -15,6 +15,10 @@
]
]
[
+.B -T
+.I timeout
+]
+[
.B -c
.I cert.pem
]
@@ -112,6 +116,12 @@
the server command as the authorized user when the
.B -a
flag was specified.
+A millisecond
+.I timeout
+for the TLS handshake phase can be set using the
+.B -T
+option.
+This can prevent clients from hogging connections.
.PP
.I Tlsclient
is the reverse of
@@ -137,7 +147,7 @@
flag writes the server's certificate to the file
.I servercert
in binary ASN.1 encoding.
-If the server doesnt provide a certificate, an empty
+If the server does not provide a certificate, an empty
file is created.
If the
.B -t
--- a/sys/src/cmd/tlssrv.c
+++ b/sys/src/cmd/tlssrv.c
@@ -5,7 +5,7 @@
#include <libsec.h>
#include <auth.h>
-int debug, auth;
+int debug, auth, timeout;
char *keyspec = "";
char *remotesys = "";
char *logfile = nil;
@@ -32,7 +32,7 @@
void
usage(void)
{
- fprint(2, "usage: tlssrv [-D] -[aA] [-k keyspec]] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n");
+ fprint(2, "usage: tlssrv [-D] [ -[aA] [-k keyspec] ] [-T timeout] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n");
exits("usage");
}
@@ -66,6 +66,9 @@
case 'r':
remotesys = EARGF(usage());
break;
+ case 'T':
+ timeout = atoi(EARGF(usage()));
+ break;
default:
usage();
}ARGEND
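Review bot: The `-T` argument is parsed with `atoi` and never validated, so a mistyped or non-numeric value yields 0 and the later `if(timeout)` test silently leaves the handshake unbounded. A negative value is converted to a very large unsigned delay when it reaches `alarm`. Since the option exists to stop clients from hogging connections, a bad value should fail loudly: keep `timeout = atoi(EARGF(usage()));` and follow it with `if(timeout <= 0) usage();`. The enclosing argument switch begins outside this hunk.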
@@ -117,6 +120,9 @@
if(debug)
conn->trace = reporter;
+ if(timeout)
+ alarm(timeout);
+
fd = tlsServer(0, conn);
if(fd < 0){
if(debug)
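Review bot: The alarm is armed immediately before `tlsServer(0, conn)`, so anything done on the connection earlier in the function is not bounded by `-T`; if the `-a`/`-A` authentication exchange runs before this point (not visible in this hunk), a client can still stall there. No note handler is installed in the visible lines, so expiry presumably ends the process through the default alarm note without going through `reporter`, which would leave nothing in the log and make timed-out clients hard to spot. Consider arming the alarm before the first read from the client and logging the timeout, and add a comment such as `/* bound the handshake; the unhandled alarm note terminates us */` above `if(timeout)`. The function starts and ends outside this hunk.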
@@ -123,6 +129,10 @@
reporter("failed: %r");
exits(0);
}
+
+ if(timeout)
+ alarm(0);
+
if(debug)
reporter("open");--
⑨