@headcrack !GNUsocial stalls because the underlying HTTPS request never times out, which only happens with PHP sockets as the backend for HTTP_Request2 and not with the CURL backend. This is reproducible outside of the GNUsocial framework as well: https://git.gnu.io/gnu/gnu-social/issues/281#note_5674


I am fully aware of the snail-pace type DoS attack and that's why there is a "full spectrum timeout" set in deeper parts of the code (HTTP_Request2_SocketWrapper runs stream_set_timeout - and PHP itself has a default_socket_timeout of 60s), which if the socket timeouts worked (in PHP) would kill the connection _regardless_ of how many or few bytes have been received since the last fread():