Add tls_handshake_timeout_ms endpoint config option

io/zenoh-links/zenoh-link-tls/src/lib.rs

@@ -81,8 +81,6 @@ zconfigurable! {
     // Amount of time in microseconds to throttle the accept loop upon an error.
     // Default set to 100 ms.
     static ref TLS_ACCEPT_THROTTLE_TIME: u64 = 100_000;
-    /// The time duration in milliseconds to wait for the TLS handshake to complete.
-    static ref TLS_HANDSHAKE_TIMEOUT_MS: u64 = 10_000;
 }
 
 pub mod config {
@@ -110,4 +108,8 @@ pub mod config {
 
     pub const TLS_VERIFY_NAME_ON_CONNECT: &str = "verify_name_on_connect";
     pub const TLS_VERIFY_NAME_ON_CONNECT_DEFAULT: bool = true;
+
+    /// The time duration in milliseconds to wait for the TLS handshake to complete.
+    pub const TLS_HANDSHAKE_TIMEOUT_MS: &str = "tls_handshake_timeout_ms";
+    pub const TLS_HANDSHAKE_TIMEOUT_MS_DEFAULT: u64 = 10_000;
 }

io/zenoh-links/zenoh-link-tls/src/unicast.rs

@@ -35,8 +35,7 @@ use zenoh_result::{zerror, ZResult};
 
 use crate::{
     utils::{get_tls_addr, get_tls_host, get_tls_server_name, TlsClientConfig, TlsServerConfig},
-    TLS_ACCEPT_THROTTLE_TIME, TLS_DEFAULT_MTU, TLS_HANDSHAKE_TIMEOUT_MS, TLS_LINGER_TIMEOUT,
-    TLS_LOCATOR_PREFIX,
+    TLS_ACCEPT_THROTTLE_TIME, TLS_DEFAULT_MTU, TLS_LINGER_TIMEOUT, TLS_LOCATOR_PREFIX,
 };
 
 #[derive(Default, Debug, PartialEq, Eq, Hash)]
@@ -370,7 +369,16 @@ impl LinkManagerUnicastTrait for LinkManagerUnicastTls {
             let token = token.clone();
             let manager = self.manager.clone();
 
-            async move { accept_task(socket, acceptor, token, manager).await }
+            async move {
+                accept_task(
+                    socket,
+                    acceptor,
+                    token,
+                    manager,
+                    tls_server_config.tls_handshake_timeout,
+                )
+                .await
+            }
         };
 
         // Update the endpoint locator address
@@ -407,6 +415,7 @@ async fn accept_task(
     acceptor: TlsAcceptor,
     token: CancellationToken,
     manager: NewLinkChannelSender,
+    tls_handshake_timeout: Duration,
 ) -> ZResult<()> {
     async fn accept(socket: &TcpListener) -> ZResult<(TcpStream, SocketAddr)> {
         let res = socket.accept().await.map_err(|e| zerror!(e))?;
@@ -438,7 +447,7 @@ async fn accept_task(
 
                         // Accept the TLS connection
                         let tls_stream = match tokio::time::timeout(
-                            Duration::from_millis(*TLS_HANDSHAKE_TIMEOUT_MS),
+                            tls_handshake_timeout,
                             acceptor.accept(tcp_stream),
                         )
                         .await

io/zenoh-links/zenoh-link-tls/src/utils.rs

@@ -14,10 +14,11 @@
 use std::{
     convert::TryFrom,
     fs::File,
-    io,
-    io::{BufReader, Cursor},
+    io::{self, BufReader, Cursor},
     net::SocketAddr,
+    str::FromStr,
     sync::Arc,
+    time::Duration,
 };
 
 use rustls::{
@@ -37,7 +38,7 @@ use zenoh_protocol::core::{
 };
 use zenoh_result::{bail, zerror, ZError, ZResult};
 
-use crate::config::*;
+use crate::config::{self, *};
 
 #[derive(Default, Clone, Copy, Debug)]
 pub struct TlsConfigurator;
@@ -149,6 +150,7 @@ impl ConfigurationInspector<ZenohConfig> for TlsConfigurator {
 
 pub(crate) struct TlsServerConfig {
     pub(crate) server_config: ServerConfig,
+    pub(crate) tls_handshake_timeout: Duration,
 }
 
 impl TlsServerConfig {
@@ -217,7 +219,19 @@ impl TlsServerConfig {
                 .with_single_cert(certs, keys.remove(0))
                 .map_err(|e| zerror!(e))?
         };
-        Ok(TlsServerConfig { server_config: sc })
+
+        let tls_handshake_timeout = Duration::from_millis(
+            config
+                .get(config::TLS_HANDSHAKE_TIMEOUT_MS)
+                .map(u64::from_str)
+                .transpose()?
+                .unwrap_or(config::TLS_HANDSHAKE_TIMEOUT_MS_DEFAULT),
+        );
+
+        Ok(TlsServerConfig {
+            server_config: sc,
+            tls_handshake_timeout,
+        })
     }
 
     async fn load_tls_private_key(config: &Config<'_>) -> ZResult<Vec<u8>> {