Add (experimental) `STEP_CA_HTTP_TIMEOUT` for server HTTP timeouts

pull/1643/head
Herman Slatman 5 months ago
parent c25273d7a7
commit f515f42aa6
No known key found for this signature in database
GPG Key ID: F4D8A44EA0A75A4F

@ -41,6 +41,7 @@ type options struct {
configFile string configFile string
linkedCAToken string linkedCAToken string
quiet bool quiet bool
httpTimeout time.Duration
password []byte password []byte
issuerPassword []byte issuerPassword []byte
sshHostPassword []byte sshHostPassword []byte
@ -118,6 +119,13 @@ func WithQuiet(quiet bool) Option {
} }
} }
// WithHTTPTimeout sets the http timeout flag.
func WithHTTPTimeout(httpTimeout time.Duration) Option {
return func(o *options) {
o.httpTimeout = httpTimeout
}
}
// CA is the type used to build the complete certificate authority. It builds // CA is the type used to build the complete certificate authority. It builds
// the HTTP server, set ups the middlewares and the HTTP handlers. // the HTTP server, set ups the middlewares and the HTTP handlers.
type CA struct { type CA struct {
@ -300,7 +308,7 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
// Create context with all the necessary values. // Create context with all the necessary values.
baseContext := buildContext(auth, scepAuthority, acmeDB, acmeLinker) baseContext := buildContext(auth, scepAuthority, acmeDB, acmeLinker)
ca.srv = server.New(cfg.Address, handler, tlsConfig) ca.srv = server.New(cfg.Address, handler, tlsConfig, ca.opts.httpTimeout)
ca.srv.BaseContext = func(net.Listener) context.Context { ca.srv.BaseContext = func(net.Listener) context.Context {
return baseContext return baseContext
} }
@ -312,7 +320,7 @@ func (ca *CA) Init(cfg *config.Config) (*CA, error) {
// http.Servers handling the HTTP and HTTPS handler? The latter // http.Servers handling the HTTP and HTTPS handler? The latter
// will probably introduce more complexity in terms of graceful // will probably introduce more complexity in terms of graceful
// reload. // reload.
ca.insecureSrv = server.New(cfg.InsecureAddress, insecureHandler, nil) ca.insecureSrv = server.New(cfg.InsecureAddress, insecureHandler, nil, ca.opts.httpTimeout)
ca.insecureSrv.BaseContext = func(net.Listener) context.Context { ca.insecureSrv.BaseContext = func(net.Listener) context.Context {
return baseContext return baseContext
} }
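Review bot: The doc comment on `WithHTTPTimeout` (L21) says it "sets the http timeout flag", but what it stores is a `time.Duration` that `Init` hands unchanged to `server.New` at L33 and L41, and the zero value of the new `options.httpTimeout` field (L14) is what any `ca.New` caller that does not pass this option ends up with; on `http.Server` a zero or negative duration means no read, read-header, write or idle timeout at all, which quietly drops the fixed 15s protection the servers had before. I would at least state that contract here: `// WithHTTPTimeout sets the read, read-header, write and idle timeout applied to the CA's HTTP and HTTPS servers. A zero or negative value disables these timeouts.` If disabling is not intended, `Init` should substitute the previous 15s default before calling `server.New`; `Init` starts and ends outside this hunk.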

@ -10,6 +10,7 @@ import (
"path/filepath" "path/filepath"
"strconv" "strconv"
"strings" "strings"
"time"
"unicode" "unicode"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -73,6 +74,13 @@ certificate issuer private key used in the RA mode.`,
Usage: "the <name> of the authority's context.", Usage: "the <name> of the authority's context.",
EnvVar: "STEP_CA_CONTEXT", EnvVar: "STEP_CA_CONTEXT",
}, },
cli.DurationFlag{
Name: "http-timeout",
Usage: "the (shared) duration for HTTP timeouts (experimental).",
EnvVar: "STEP_CA_HTTP_TIMEOUT",
Value: 15 * time.Second,
Hidden: true,
},
cli.IntFlag{ cli.IntFlag{
Name: "acme-http-port", Name: "acme-http-port",
Usage: `the <port> used on http-01 challenges. It can be changed for testing purposes. Usage: `the <port> used on http-01 challenges. It can be changed for testing purposes.
@ -105,6 +113,7 @@ func appAction(ctx *cli.Context) error {
resolver := ctx.String("resolver") resolver := ctx.String("resolver")
token := ctx.String("token") token := ctx.String("token")
quiet := ctx.Bool("quiet") quiet := ctx.Bool("quiet")
httpTimeout := ctx.Duration("http-timeout")
if ctx.NArg() > 1 { if ctx.NArg() > 1 {
return errs.TooManyArguments(ctx) return errs.TooManyArguments(ctx)
@ -251,7 +260,8 @@ To get a linked authority token:
ca.WithSSHUserPassword(sshUserPassword), ca.WithSSHUserPassword(sshUserPassword),
ca.WithIssuerPassword(issuerPassword), ca.WithIssuerPassword(issuerPassword),
ca.WithLinkedCAToken(token), ca.WithLinkedCAToken(token),
ca.WithQuiet(quiet)) ca.WithQuiet(quiet),
ca.WithHTTPTimeout(httpTimeout))
if err != nil { if err != nil {
fatal(err) fatal(err)
} }
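Review bot: The duration read at L71 is passed on without any validation, so `STEP_CA_HTTP_TIMEOUT=0` (or a negative duration, which `time.ParseDuration` presumably accepts for this flag) switches off every server-side timeout on the CA listeners, and because the flag is `Hidden` (L62) nothing in `--help` warns an operator about that. I would reject non-positive values in `appAction`, e.g. `if httpTimeout <= 0 { return errors.Errorf("http-timeout must be a positive duration, got %s", httpTimeout) }` (the file already imports `github.com/pkg/errors`, L52), or, if zero is meant to be a supported "no timeout" setting, say so in the Usage string. The Usage text at L59 should also name what is shared: `"the <duration> used for the HTTP read, read-header, write and idle timeouts (experimental)."`. `appAction` continues outside this hunk.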

@ -27,25 +27,25 @@ type Server struct {
// New creates a new HTTP/HTTPS server configured with the passed // New creates a new HTTP/HTTPS server configured with the passed
// address, http.Handler and tls.Config. // address, http.Handler and tls.Config.
func New(addr string, handler http.Handler, tlsConfig *tls.Config) *Server { func New(addr string, handler http.Handler, tlsConfig *tls.Config, httpTimeout time.Duration) *Server {
return &Server{ return &Server{
reloadCh: make(chan net.Listener), reloadCh: make(chan net.Listener),
shutdownCh: make(chan struct{}), shutdownCh: make(chan struct{}),
Server: newHTTPServer(addr, handler, tlsConfig), Server: newHTTPServer(addr, handler, tlsConfig, httpTimeout),
} }
} }
// newHTTPServer creates a new http.Server with the TCP address, handler and // newHTTPServer creates a new http.Server with the TCP address, handler and
// tls.Config. // tls.Config.
func newHTTPServer(addr string, handler http.Handler, tlsConfig *tls.Config) *http.Server { func newHTTPServer(addr string, handler http.Handler, tlsConfig *tls.Config, httpTimeout time.Duration) *http.Server {
return &http.Server{ return &http.Server{
Addr: addr, Addr: addr,
Handler: handler, Handler: handler,
TLSConfig: tlsConfig, TLSConfig: tlsConfig,
WriteTimeout: 15 * time.Second, WriteTimeout: httpTimeout,
ReadTimeout: 15 * time.Second, ReadTimeout: httpTimeout,
ReadHeaderTimeout: 15 * time.Second, ReadHeaderTimeout: httpTimeout,
IdleTimeout: 15 * time.Second, IdleTimeout: httpTimeout,
ErrorLog: log.New(os.Stderr, "", log.Ldate|log.Ltime|log.Llongfile), ErrorLog: log.New(os.Stderr, "", log.Ldate|log.Ltime|log.Llongfile),
} }
} }
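Review bot: `newHTTPServer` now assigns the caller's `httpTimeout` to `WriteTimeout`, `ReadTimeout`, `ReadHeaderTimeout` and `IdleTimeout` (L101-L104) with no lower bound, and `net/http` treats a zero or negative value as "no timeout", so any `New` caller passing the zero value gets a server that slow or idle clients can hold open indefinitely — the old hard-coded 15s acted as a floor that this hunk removes. Unless disabling timeouts is intended, keep the previous value as the fallback at the top of `newHTTPServer`: `if httpTimeout <= 0 { httpTimeout = 15 * time.Second }`. The doc comments on `New` (L85-L86) and `newHTTPServer` (L94-L95) also still list only address, handler and tls.Config; add a line for the new parameter such as `// httpTimeout is applied to the server's read, read-header, write and idle timeouts.`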
