letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove Timeout field from VA's http.Client. (#3661) 

This field was set to singleDialTimeout, but the net/http library treats
it as covering all of dial, write headers, and read headers and body.
Since http01Dialer also uses singleDialTimeout, there's a race between
http01Dialer and net/http to see who will time out first. The result is
that sometimes we give "Timeout after connect" when the error really
should be "Timeout during connect." This issue also inhibits IPv6 to
IPv4 fallback, and tickles a data race that was causing a rare panic in
VA: https://github.com/letsencrypt/boulder/issues/3109.

After this change, the overall HTTP request will get the full deadline
allowed by the RPC context. The dialer will continue to use
singleDialTimeout for each of its two possible dial attempts.
This commit is contained in:
Jacob Hoffman-Andrews 2018-04-23 06:24:23 -07:00 committed by Daniel McCarney
parent 0e6713e573
commit d0a510664b
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
va/va.go
View File

@ -431,7 +431,6 @@ func (va *ValidationAuthorityImpl) fetchHTTP(ctx context.Context, identifier cor
client := http.Client{
Transport: tr,
CheckRedirect: logRedirect,
Timeout: singleDialTimeout,
}
httpResponse, err := client.Do(httpRequest)
// Append a validation record now that we have dialed the dialer