From a74d663efc8f2b4b6a1c300ce2912765ba6538f0 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey <cdoxsey@pomerium.com>
Date: Tue, 28 Nov 2023 15:43:31 -0700
Subject: [PATCH] verify/server: decrease timeout (#253)

---
 http.go | 1 +
 tls.go  | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/http.go b/http.go
index dcbd039..96bc557 100644
--- a/http.go
+++ b/http.go
@@ -33,6 +33,7 @@ func (srv *Server) initRouter() {
 	transport.DialTLSContext = srv.tlsVerifier.DialTLSContext
 	client := &http.Client{
 		Transport: transport,
+		Timeout:   maxRemoteWait,
 	}
 
 	expected := &jwt.Expected{
diff --git a/tls.go b/tls.go
index 6541aed..4945c06 100644
--- a/tls.go
+++ b/tls.go
@@ -12,6 +12,8 @@ import (
 	"github.com/rs/zerolog/log"
 )
 
+const maxRemoteWait = 5 * time.Second
+
 type tlsVerifier struct {
 	mu     sync.Mutex
 	errors map[string]error
@@ -23,8 +25,8 @@ func newTLSVerifier() *tlsVerifier {
 
 func (v *tlsVerifier) DialTLSContext(ctx context.Context, network, addr string) (net.Conn, error) {
 	dialer := &net.Dialer{
-		Timeout:   30 * time.Second,
-		KeepAlive: 30 * time.Second,
+		Timeout:   maxRemoteWait,
+		KeepAlive: maxRemoteWait,
 		DualStack: true,
 	}
 	log.Info().Str("addr", addr).Msg("dialing")