From 4b015c8bc0caed28ad79e8f42149d27f74da5529 Mon Sep 17 00:00:00 2001
From: Delyan Angelov
Date: Wed, 20 Nov 2024 23:42:01 +0200
Subject: [PATCH] net.mbedtls: define MBEDTLS_THREADING_PTHREAD, in mbedtls_config.h; call C.mbedtls_ssl_conf_read_timeout explicitly in the wrapper, with a shorter timeout value of 317ms (determined experimentally)

---
 thirdparty/mbedtls/include/mbedtls/mbedtls_config.h | 4 ++--
 vlib/net/mbedtls/mbedtls.c.v | 4 ++++
 vlib/net/mbedtls/ssl_connection.c.v | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/thirdparty/mbedtls/include/mbedtls/mbedtls_config.h b/thirdparty/mbedtls/include/mbedtls/mbedtls_config.h
index 78c36354334075..2b9740476e87b4 100644
--- a/thirdparty/mbedtls/include/mbedtls/mbedtls_config.h
+++ b/thirdparty/mbedtls/include/mbedtls/mbedtls_config.h
@@ -1903,7 +1903,7 @@
 *
 * Uncomment this to enable pthread mutexes.
 */
-//#define MBEDTLS_THREADING_PTHREAD
+#define MBEDTLS_THREADING_PTHREAD
 
 /**
 * \def MBEDTLS_USE_PSA_CRYPTO
@@ -3283,7 +3283,7 @@
 *
 * Enable this layer to allow use of mutexes within mbed TLS
 */
-//#define MBEDTLS_THREADING_C
+#define MBEDTLS_THREADING_C
 
 /**
 * \def MBEDTLS_TIMING_C
diff --git a/vlib/net/mbedtls/mbedtls.c.v b/vlib/net/mbedtls/mbedtls.c.v
index 5051e46a5ccd35..6e69131c50061c 100644
--- a/vlib/net/mbedtls/mbedtls.c.v
+++ b/vlib/net/mbedtls/mbedtls.c.v
@@ -208,3 +208,7 @@ fn C.mbedtls_x509_crt_parse(&C.mbedtls_x509_crt, &u8, usize) int
 fn C.mbedtls_x509_crt_parse_file(&C.mbedtls_x509_crt, &char) int
 fn C.mbedtls_high_level_strerr(int) &char
+
+fn C.mbedtls_debug_set_threshold(level int)
+
+fn C.mbedtls_ssl_conf_read_timeout(conf &C.mbedtls_ssl_config, timeout u32)
diff --git a/vlib/net/mbedtls/ssl_connection.c.v b/vlib/net/mbedtls/ssl_connection.c.v
index 706b24ac673638..e0c9a58b26f12a 100644
--- a/vlib/net/mbedtls/ssl_connection.c.v
+++ b/vlib/net/mbedtls/ssl_connection.c.v
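Review bot: Defining `MBEDTLS_THREADING_PTHREAD` unconditionally in the vendored mbedtls_config.h makes the threading layer include `<pthread.h>` on every target that compiles this copy, so a toolchain without pthreads (MSVC, for instance) would stop building it; I cannot tell from the patch which toolchains consume this header, but if any lack pthreads the define needs a platform guard or an `MBEDTLS_THREADING_ALT` backend for them. The second hunk in this file (`MBEDTLS_THREADING_C`) is the prerequisite the library's check_config.h requires for the pthread backend, so the pair is consistent. Neither define says why the upstream default was flipped, and the next vendored-tree refresh will silently revert it; a note such as `/* Enabled by V: the ctr_drbg context shared by all SSL connections in vlib/net/mbedtls must be mutex-protected when used from several threads. */` above the first define records the intent — presumably the reason, judging from the module-level `&ctr_drbg` handed to `mbedtls_ssl_conf_rng` in ssl_connection.c.v.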
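Review bot: `fn C.mbedtls_debug_set_threshold(level int)` is declared here but its only use in the patch is a commented-out call, and the C symbol exists only when `MBEDTLS_DEBUG_C` is enabled in the vendored config, which this patch does not touch; a future caller on a build without it would fail at link time. Either leave the declaration out until a real caller lands or mark it with `// requires MBEDTLS_DEBUG_C in mbedtls_config.h`. The `fn C.mbedtls_ssl_conf_read_timeout(conf &C.mbedtls_ssl_config, timeout u32)` declaration matches the C signature; a `// timeout is in milliseconds, 0 means no timeout` comment on it would spare the callers in ssl_connection.c.v from guessing the unit of the bare numbers they pass.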
@@ -21,6 +21,7 @@ fn init() {
 C.mbedtls_ctr_drbg_free(&ctr_drbg)
 panic('Failed to seed ssl context: ${ret}')
 }
+ // C.mbedtls_debug_set_threshold(5)
 }
 }
@@ -175,6 +176,7 @@ fn (mut l SSLListener) init() ! {
 C.mbedtls_net_init(&l.server_fd)
 C.mbedtls_ssl_init(&l.ssl)
 C.mbedtls_ssl_config_init(&l.conf)
+ C.mbedtls_ssl_conf_read_timeout(&l.conf, 41_000)
 l.certs = &SSLCerts{}
 C.mbedtls_x509_crt_init(&l.certs.client_cert)
 C.mbedtls_pk_init(&l.certs.client_key)
@@ -363,13 +365,13 @@ fn (mut s SSLConn) init() ! {
 C.mbedtls_net_init(&s.server_fd)
 C.mbedtls_ssl_init(&s.ssl)
 C.mbedtls_ssl_config_init(&s.conf)
-
 mut ret := 0
 ret = C.mbedtls_ssl_config_defaults(&s.conf, C.MBEDTLS_SSL_IS_CLIENT, C.MBEDTLS_SSL_TRANSPORT_STREAM, C.MBEDTLS_SSL_PRESET_DEFAULT)
 if ret != 0 {
 return error_with_code('Failed to set SSL configuration', ret)
 }
+ C.mbedtls_ssl_conf_read_timeout(&s.conf, 317)
 unsafe {
 C.mbedtls_ssl_conf_rng(&s.conf, C.mbedtls_ctr_drbg_random, &ctr_drbg)
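Review bot: `// C.mbedtls_debug_set_threshold(5)` is commented-out code left in `fn init()`; if it is meant as a debugging aid, gate it behind a compile-time flag (`$if mbedtls_debug ? { C.mbedtls_debug_set_threshold(5) }`, flag name constructed) instead of dead text that has to be un-commented by hand. On its own the call would also print nothing: the threshold only matters once a debug callback is installed with `mbedtls_ssl_conf_dbg` and the library is built with `MBEDTLS_DEBUG_C`, neither of which is visible in this patch. Level 5 enables every message including the buffer dumps of the verbose levels, so it must stay unreachable in release builds. The closing of `fn init()` is only partly visible in this hunk.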
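Review bot: `C.mbedtls_ssl_conf_read_timeout(&l.conf, 41_000)` is an unexplained magic number, set right after `mbedtls_ssl_config_init` while the client path in the `SSLConn.init()` hunk below sets `317` only after `mbedtls_ssl_config_defaults`; a named constant with a comment for each value (`const listener_read_timeout_ms = u32(41_000) // measured: ...`) would record the experiment the commit message mentions and make the 41 s versus 317 ms asymmetry visibly deliberate. Two things to confirm outside the hunk: whether `mbedtls_ssl_config_defaults`, presumably called later in this function, leaves `read_timeout` alone (setting the timeout after it, as the client path does, avoids the question), and whether the listener's BIO is installed with a receive-with-timeout callback (`mbedtls_ssl_set_bio(..., C.mbedtls_net_recv_timeout)`), since without one the value has no effect and reads still block indefinitely. A 41 s per-read window on the server side also means a stalled peer holds that read for 41 s, so the value deserves the same measurement the client value got. The rest of `SSLListener.init()` lies outside this hunk.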