Set an explicit timeout on SSL handshake to prevent hangs

If we do not set a timeout on the SSL handshake, this can cause an infinite
hang if something happens during this point to the remote end - this
has been seen with AWS MQ RabbitMQ during cluster maintenance triggering
a reboot, and causing hangs of any connection that is in the handshake
phase.

Author: ccorbacho

amqp/transport.py

@@ -401,6 +401,8 @@ def __init__(self, host, connect_timeout=None, ssl=None, **kwargs):
     def _setup_transport(self):
         """Wrap the socket in an SSL object."""
         self.sock = self._wrap_socket(self.sock, **self.sslopts)
+        # Explicitly set a timeout here to stop any hangs on handshake.
+        self.sock.settimeout(self.connect_timeout)
         self.sock.do_handshake()
         self._quick_recv = self.sock.read
 

t/unit/test_transport.py

@@ -864,6 +864,14 @@ def test_read_SSLError(self):
         with pytest.raises(socket.timeout):
             self.t._read(64)
 
+    def test_handshake_timeout(self):
+        self.t.sock = Mock()
+        self.t._wrap_socket = Mock()
+        self.t._wrap_socket.return_value = self.t.sock
+        self.t.sock.do_handshake.side_effect = socket.timeout()
+        with pytest.raises(socket.timeout):
+            self.t._setup_transport()
+
 
 class test_TCPTransport:
     class Transport(transport.TCPTransport):