Skip to content

Commit

Permalink
feat: [#426] disable TimeoutAccceptor when TSL is enabled
Browse files Browse the repository at this point in the history 
TSL does work with the TimeoutAccetor.

How to enabled TSL for development with:

```
[net]
port = 3001

[net.tsl]
ssl_cert_path = "./storage/index/lib/tls/localhost.crt"
ssl_key_path = "./storage/index/lib/tls/localhost.key"
```

You can fin the certificates in `./share/tsl`.

This means there is no timeout for the first client request when you use
TSL. The way to test tiemouts is:

1. Open a connection using telnet: `telnet 127.0.0.1 3001`
2. Wait 5 seconds.

The connection should be closed after 5 seconds. That's what the
TimeoutAcceptor does. Without the TimeoutAcceptor the connection will
remain open until the client closes it.
  • Loading branch information
@josecelano
josecelano committed May 16, 2024
1 parent 284d235 commit 1afe234
Show file tree
Hide file tree
Showing 4 changed files with 51 additions and 1 deletion.
1 change: 1 addition & 0 deletions share/default/config/index.development.sqlite3.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ url = "udp://localhost:6969"
[net]
port = 3001

# Uncomment if you want to enable TSL for development
#[net.tsl]
#ssl_cert_path = "./storage/index/lib/tls/localhost.crt"
#ssl_key_path = "./storage/index/lib/tls/localhost.key"
Expand Down
19 changes: 19 additions & 0 deletions share/tls/localhost.crt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDzCCAfegAwIBAgIUQVYeAGfczJZDxiP/55P1V+hxLjgwDQYJKoZIhvcNAQEL
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDUxNTE2MTUxNloXDTI0MDYx
NDE2MTUxNlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAsiVY2ny8JkTXvM1FSEp47UUNZcRCpQ3/JR1KYscK4yFk
t+2Fntqn7oYPFo17BU0fHZfJ/4ZFwgSCO2p41+plyAWjp9yjwA1Rgqs1eSvGceQG
cWZA8nIiehTdimOqV9gSr2lUpFUPvZhvfkoKUPH8kgnSsK6Vh5AHhOtMHJrTfSHi
SMyZlBMNm8XcHPI4Yc56rX56j0edQ+etmW+yF/sHxp4VuYLRg8Gy9LSBLhVYP2jb
3lHjraSpC6P1OQZPg+yDIJ67LPF3Io0POQQOqahHqKNXprakWNZzGKHklx5wSycW
LBBbwceEGFfoAap88czkh5RPVGkzaG9qI5nGjwT+iQIDAQABo1kwVzAUBgNVHREE
DTALgglsb2NhbGhvc3QwCwYDVR0PBAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMB
MB0GA1UdDgQWBBTNfmPhC1eBckwBVRUKFZXV94I4SDANBgkqhkiG9w0BAQsFAAOC
AQEADY9Z/RPdex3uSdo8gbEKkxzLFTE/DKiOk4ynpIjEmAm3PQ5JGX1bkXQU29WB
YFStue7OemFT1wCadv8xO4Y1WZdEDRAu1kAR+X30aL4hk03nOH3BOIlp972/yCjF
biAqUNJ1VbQkJHjBMFl/9pdsvrO1nz8ObgJrgyszCh+UXDk+mySEeJqiGYCCoZ3x
aQYnAO7+JVUgdXBmWd9BjNQAui8AwN+K5JelDecbwwh5Evykoa9Ey7W8yW23wuoK
MoVnti84JiF9eK/bQSRxdP9N8bECsHUSHWMOoA7+axOq1Q1L8oe67NCiBo//s28T
ZmJAlAeGXy1QqVTIslM8J+ceNQ==
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions share/tls/localhost.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCyJVjafLwmRNe8
zUVISnjtRQ1lxEKlDf8lHUpixwrjIWS37YWe2qfuhg8WjXsFTR8dl8n/hkXCBII7
anjX6mXIBaOn3KPADVGCqzV5K8Zx5AZxZkDyciJ6FN2KY6pX2BKvaVSkVQ+9mG9+
SgpQ8fySCdKwrpWHkAeE60wcmtN9IeJIzJmUEw2bxdwc8jhhznqtfnqPR51D562Z
b7IX+wfGnhW5gtGDwbL0tIEuFVg/aNveUeOtpKkLo/U5Bk+D7IMgnrss8XcijQ85
BA6pqEeoo1emtqRY1nMYoeSXHnBLJxYsEFvBx4QYV+gBqnzxzOSHlE9UaTNob2oj
mcaPBP6JAgMBAAECggEAAPMoUB+ga3mHoqgSGaO3cMWQn91s4Php2UbPj5RorQXr
IPx+71GbtVNLX5X7PjjZneg0a8yk57cQJ0TyWJIVXyET/ylptz3a7/lrbrY/Cgz8
6GC8DQ7gceWelVhP1jLscgJpefpCIKfN+86uZa+EnYPdCSXXb/lQVYVhXRSJrdll
1LJuNAvW88c1zXKWJ+L05H3Q+O98F/6PpEcwln0mX9Qp7QyBNjeP1B1eQc8+S6CD
hgRifcY7KKdecDWh1i8haNqRUtXL7XAksesHJbxtIwaeu+8AXSQunpT2JOYFlzpy
yllEDcT2s+JutBqclINWggBEn1eHtksQKNLWrTVaiQKBgQDFdp8BwWRIYji9mAx5
te4dwOTj+POSm6DCi9wXssNsKdaGXFhNw3Wla2AvWZ5P/t1Z+zrvqag8sAjEl+nI
7WHra3voOojDdZ1Kf6QhMQ/ZD1vm0mFa32tsRIUZ5vYP5qyXsgPEb2OE0QnKGCAM
DD1X96C/CEecunQyioAOaJ+AmwKBgQDm9LvmY0rSEGe/oiBvnrYjIyHUn59FcIlU
kGvTW1ynPtGT6vrOyZGDnw8uOEI00/E7YB8psdJLQ8aOgT4xUc2p7haNri/V794W
hhWs2+qvDWvURSRMF0PZeV1b2bDqDB3AP2XiwaHR3MQpc1t4chNNNB5vuD0TJVrB
NIXi0S41qwKBgQCR3l/17wQCyLQ7sn+8xV2ikyVDF1vveJHYRXMP+pmMZJe556u/
vl1BFsIWGHDvjUm9N+7Arqa+Nhg0CjjEmj+UpnEBC4SOR2srZoE7l7+qTENKjy0l
8RetAi0FBm3NL01ePj20Ncjhi35c0VeTLtN+EUqo9Bfauo4t68xPWJBDcwKBgENk
3v/XsZmi1+N/t99afOO7+L9G5P8qW6iljBFc86iKGDYFt7Jn92JlI9Tk7czkm9wr
rGxKS4dS+7nR1QgnStBvfX1Sevr+x9vivKh4c/8o93I1yuW5VD89vxRybcGeT4At
/9kvj7zhowxFcUewYhmBP/Bx3sCbgeQnI3qQd9+JAoGAFgzLLXw5fdwjz1oz9Cwz
WetpWujjMImgsD7b/7XmKeKCG82uorsaFI5rBb4eJdgJHoqaNAEkFuNdhRcuqVh1
uZG02rb8HICnhPV/4wgyhf6pZEWrpmF9q4aqoH67hfrRMuVUD250px3y2Ozs77JJ
c7S9s1qUr+vPk7+ywFh5xRk=
-----END PRIVATE KEY-----
4 changes: 3 additions & 1 deletion src/web/api/server/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,9 @@ async fn start_server(
match tls {
Some(tls) => custom_axum::from_tcp_rustls_with_timeouts(socket, tls)
.handle(handle)
.acceptor(TimeoutAcceptor)
// The TimeoutAcceptor is commented because TSL does not work with it.
// See: https://github.com/torrust/torrust-index/issues/204
//.acceptor(TimeoutAcceptor)
.serve(router.into_make_service_with_connect_info::<std::net::SocketAddr>())
.await
.expect("API server should be running"),
Expand Down

0 comments on commit 1afe234

Please sign in to comment.