From e913574e027d7d75783b9ffc56375b2edc0418f3 Mon Sep 17 00:00:00 2001
From: Giel van Schijndel <me@mortis.eu>
Date: Sat, 25 Jun 2011 04:31:48 +0200
Subject: rpc: don't send 403 when using SSL to prevent DoS

Signed-off-by: Giel van Schijndel <me@mortis.eu>
---
 src/rpc.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/rpc.cpp')

diff --git a/src/rpc.cpp b/src/rpc.cpp
index 7e0f05c6da..780209920e 100644
--- a/src/rpc.cpp
+++ b/src/rpc.cpp
@@ -1889,7 +1889,9 @@ void ThreadRPCServer2(void* parg)
         // Restrict callers by IP
         if (!ClientAllowed(peer.address().to_string()))
         {
-            stream << HTTPReply(403, "") << std::flush;
+            // Only send a 403 if we're not using SSL to prevent a DoS during the SSL handshake.
+            if (!fUseSSL)
+                stream << HTTPReply(403, "") << std::flush;
             continue;
         }
 
-- 
cgit v1.2.3