[asterisk-dev] SIP TLS handshake needs a timeout

David Vossel dvossel at digium.com
Mon Sep 28 15:36:37 CDT 2009


Hello!

Here's the problem.  Right now, if Asterisk attempts to initiate a SIP TLS client connection with another Asterisk box, but the receiving box only has TCP bound to the incoming connection's port, a TCP connection will be established between the two boxes, but the box initiating the connection will forever be stuck waiting for the receiving box to complete the TLS handshake.  This is a huge problem because TLS connection setup is done while the monitor lock is held.  This patch aims at fixing that issue, https://reviewboard.asterisk.org/r/380/, but does not resolve the fact that a TLS connection will never go away if the TLS handshake does not complete.  

I've looked over the OpenSSL toolkit and have not been able to find a successful method of doing this.  I've even attempted some rather unorthodox methods of scheduling the file descriptor's closure during the handshake after a period of time, and that did not work either.  Note that this is not a timeout involving the setup of the TCP socket; it occurs after that, once the TLS client initiates the TLS handshake and gets no response.

Perhaps I am overlooking some obvious solution here.  Does anyone have any ideas?

~Vossel
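
The failure mode described in this post, reproduced as an added example (not part of the original message and not Asterisk code): a TLS client connects to a listener that accepts TCP but never answers the handshake, and a socket timeout bounds the wait so the descriptor can be released. It uses Python's ssl module rather than Asterisk's C/OpenSSL code; the listener, the function names and the 0.5 second value are constructed for the demonstration.

```python
import socket
import ssl
import threading
import time

def start_silent_tcp_listener():
    """Constructed stand-in for the peer that only has plain TCP bound:
    it accepts the connection and then never sends a byte."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    held = []  # keep accepted sockets open so the client sees no EOF or RST
    def accept_loop():
        try:
            while True:
                held.append(srv.accept()[0])
        except OSError:
            pass  # listener was closed
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, held

def tls_connect_with_timeout(host, port, timeout):
    """Try a TLS client handshake, giving up when any single socket operation
    waits longer than `timeout` seconds. Returns (outcome, handshake seconds)."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    # The timeout on the TCP socket carries over to the TLS wrapper.
    tls = ctx.wrap_socket(raw, server_hostname=host, do_handshake_on_connect=False)
    start = time.monotonic()
    try:
        tls.do_handshake()  # sends ClientHello, then waits for a reply
        return "connected", time.monotonic() - start
    except socket.timeout:
        return "handshake_timeout", time.monotonic() - start
    finally:
        tls.close()  # release the descriptor whether or not TLS came up

def demo(timeout=0.5):
    srv, held = start_silent_tcp_listener()
    try:
        return tls_connect_with_timeout("127.0.0.1", srv.getsockname()[1], timeout)
    finally:
        srv.close()
        for conn in held:
            conn.close()

if __name__ == "__main__":
    print(demo())
```

The timeout here applies to each blocking socket operation, not to the handshake as a whole, so a peer that trickles bytes can stretch the total; an overall deadline needs a separate clock check around the handshake.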


