# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1492694947 -10800
# Node ID 8821e405b91ef4d171e64bc4a40ecb2d1bd38605
# Parent  1e79a96138130891de18fa73387523d542309427
Tests: handled SSL negotiation errors.

diff --git a/ssl_proxy_protocol.t b/ssl_proxy_protocol.t
--- a/ssl_proxy_protocol.t
+++ b/ssl_proxy_protocol.t
@@ -153,10 +153,22 @@ sub pp_get {
 
 	my $s = http($proxy, start => 1);
 
-	IO::Socket::SSL->start_SSL($s,
-		SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-		SSL_error_trap => sub { die $_[1] }
-	);
+	eval {
+		local $SIG{ALRM} = sub { die "timeout\n" };
+		local $SIG{PIPE} = sub { die "sigpipe\n" };
+		alarm(2);
+		IO::Socket::SSL->start_SSL($s,
+			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+			SSL_error_trap => sub { die $_[1] }
+		);
+		alarm(0);
+	};
+	alarm(0);
+
+	if ($@) {
+		log_in("died: $@");
+		return undef;
+	}
 
 	return http(<<EOF, socket => $s);
 GET $url HTTP/1.0
diff --git a/stream_ssl_realip.t b/stream_ssl_realip.t
--- a/stream_ssl_realip.t
+++ b/stream_ssl_realip.t
@@ -131,10 +131,22 @@ sub pp_get {
 	my $s = stream(PeerPort => port($port));
 	$s->write($proxy);
 
-	IO::Socket::SSL->start_SSL($s->{_socket},
-		SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
-		SSL_error_trap => sub { die $_[1] }
-	);
+	eval {
+		local $SIG{ALRM} = sub { die "timeout\n" };
+		local $SIG{PIPE} = sub { die "sigpipe\n" };
+		alarm(2);
+		IO::Socket::SSL->start_SSL($s->{_socket},
+			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
+			SSL_error_trap => sub { die $_[1] }
+		);
+		alarm(0);
+	};
+	alarm(0);
+
+	if ($@) {
+		log_in("died: $@");
+		return undef;
+	}
 
 	return $s->read();
 }