HTTPS server timeout is inaccurate

[triska]

When I set timeout/1 in an HTTPS server, I get about twice the timeout that I actually set.

As a test case, place https_server.pl in packages-ssl, consisting of:

:- use_module(library(http/thread_httpd)).
:- use_module(library(http/http_ssl_plugin)).

https_server(Port, Options) :-
        http_server(reply,
                    [ port(Port),
                      ssl([ certificate_file('etc/server/server-cert.pem'),
                            key_file('etc/server/server-key.pem'),
                            password(apenoot1)
                          ])
                    | Options
                    ]).
reply(_) :-
        format("Content-type: text/plain~n~n"),
        format("Hello!").

Start the server with:

$ swipl https_server.pl 
...

?- https_server(1125, [timeout(5)]).
% Started server at https://localhost:1125/
true.

Then, connect to the server via:

$ time openssl s_client -connect localhost:1125

After about 10 seconds, I get:

...
read:errno=0

real	0m10.019s
user	0m0.000s
sys	0m0.004s

[triska]

As another test case, the default timeout of 60 seconds becomes 2 minutes, likely due to the same issue.

I think this issue is a good candidate to look into before the stable release, since reliable timeouts help to increase robustness.

[JanWielemaker]

My suspicion is that somehow the low-level stuff needs to timeout twice before it gets through the SSL layer. Just a factor 2 off isn't that vital. Typically timeout values are nearly random educated guesses anyway.