VA should set a timeout on challenge connections #226
I think this is a bug that we aren't doing it. Also it should be an audit event.
For SimpleHTTPS, we have an HTTP-level timeout, but I think we need to add a TCP-level one. For DVSNI there's no timeout that I see. Per https://groups.google.com/forum/#!topic/golang-nuts/7p61fSVtJ5k, here's what we probably need to do:
This PR updates the `github.com/prometheus/client_golang` dependency to the v0.8.0 release tag.

For future note, `godep update github.com/prometheus/client_golang/prometheus/promhttp` doesn't work correctly for this package due to the nesting structure (See tools/godep#164). This can be worked around by using `godep update github.com/prometheus/client_golang/...` instead ¯\\\_(ツ)\_/¯

Per `CONTRIBUTING.md` I verified the unit tests pass:

```
daniel@XXXXXX:~/go/src/github.com/prometheus/client_golang$ git show -s
commit c5b7fccd204277076155f10851dad72b76a49317
Merge: a4d14b3 1b26087
Author: Björn Rabenstein <bjoern@rabenste.in>
Date:   Wed Aug 17 17:48:24 2016 +0200

    Merge pull request #226 from prometheus/beorn7/alloc

    Bring back zero-alloc label-value access for metric vecs
daniel@XXXXXX:~/go/src/github.com/prometheus/client_golang$ go test ./...
ok      github.com/prometheus/client_golang/api/prometheus      0.003s
?       github.com/prometheus/client_golang/examples/random     [no test files]
?       github.com/prometheus/client_golang/examples/simple     [no test files]
ok      github.com/prometheus/client_golang/prometheus  28.661s
ok      github.com/prometheus/client_golang/prometheus/promhttp 0.013s
ok      github.com/prometheus/client_golang/prometheus/push     0.007s
```
Otherwise it's possible for servers to stall the connection for a long time and do a resource starvation attack.
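One way to bound a challenge connection at the TCP level, as an added example that is not code from this project or from the thread: a connect timeout plus an absolute deadline on the connection, run against a peer that completes the handshake and then stays silent. The names `fetchChallenge`, `isTimeout` and `stalledPeer`, and the timeout values, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// fetchChallenge (hypothetical name) bounds the TCP connect with dial and the
// whole exchange with total, so a peer that goes silent cannot hold the caller.
func fetchChallenge(addr string, req []byte, dial, total time.Duration) ([]byte, error) {
	conn, err := net.DialTimeout("tcp", addr, dial)
	if err != nil {
		return nil, fmt.Errorf("dial: %w", err)
	}
	defer conn.Close()
	// Absolute deadline for every later Read and Write on this connection.
	if err := conn.SetDeadline(time.Now().Add(total)); err != nil {
		return nil, err
	}
	if _, err := conn.Write(req); err != nil {
		return nil, fmt.Errorf("write: %w", err)
	}
	buf := make([]byte, 1024) // cap the response size as well as the time
	n, err := conn.Read(buf)
	return buf[:n], err
}

// isTimeout reports whether err is a network timeout, the case worth auditing.
func isTimeout(err error) bool {
	var ne net.Error
	return errors.As(err, &ne) && ne.Timeout()
}

// stalledPeer is a constructed peer: the kernel completes the handshake, nothing replies.
func stalledPeer() (net.Listener, error) { return net.Listen("tcp", "127.0.0.1:0") }

func main() {
	ln, err := stalledPeer()
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	_, err = fetchChallenge(ln.Addr().String(), []byte("GET / HTTP/1.0\r\n\r\n"), time.Second, 300*time.Millisecond)
	fmt.Printf("err=%v timeout=%v\n", err, isTimeout(err))
}
```

Without the `SetDeadline` call the `Read` against this peer blocks until the listener is closed, which is the stall the issue describes.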