homelab/traefik
1
0
Fork 0
Code Activity

Add timeout to ACME-TLS/1 challenge handshake

Browse source 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
This commit is contained in:
LBF38 2026-01-08 16:16:05 +01:00 committed by GitHub
parent 47d7094dfb
commit e9f3089e90
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 70 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

13
pkg/server/router/tcp/router.go
View file

@ -3,6 +3,7 @@ package tcp
import (
"bufio"
"bytes"
"context"
"crypto/tls"
"errors"
"io"
@ -206,7 +207,17 @@ func (r *Router) acmeTLSALPNHandler() tcp.Handler {
}
return tcp.HandlerFunc(func(conn tcp.WriteCloser) {
_ = tls.Server(conn, r.httpsTLSConfig).Handshake()
tlsConn := tls.Server(conn, r.httpsTLSConfig)
defer tlsConn.Close()
// This avoids stale connections when validating the ACME challenge,
// as we expect a validation request to complete in a short period of time.
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
defer cancel()
if err := tlsConn.HandshakeContext(ctx); err != nil {
log.FromContext(ctx).WithError(err).Debug("Error during ACME-TLS/1 handshake")
}
})
}