diff --git a/src/proxy/pool.rs b/src/proxy/pool.rs
index ed4f03c0..caae875f 100644
--- a/src/proxy/pool.rs
+++ b/src/proxy/pool.rs
@@ -100,7 +100,7 @@ impl Connection {
 &mut self,
 req: Request>,
 ) -> impl Future>> {
- self.0 .0.send_request(req)
+ self.0.0.send_request(req)
 }
 }
@@ -143,12 +143,18 @@ impl Pool {
 request_sender
 }
 // Connect won, checkout can just be dropped.
- Either::Right((Err(err), checkout)) => match err {
- // Connect won but we already had an in-flight connection, so use that.
- Error::PoolAlreadyConnecting => checkout.await?,
- // Some other connection error
- err => return Err(err),
- },
+ Either::Right((Err(err), checkout)) => {
+ debug!(
+ ?key,
+ "connect won, but wait for existing pooled connection to establish"
+ );
+ match err {
+ // Connect won but we already had an in-flight connection, so use that.
+ Error::PoolAlreadyConnecting => checkout.await?,
+ // Some other connection error
+ err => return Err(err),
+ }
+ }
 };
 Ok(Connection(request_sender))
diff --git a/src/tls/workload.rs b/src/tls/workload.rs
index 514fe14e..983a7d40 100644
--- a/src/tls/workload.rs
+++ b/src/tls/workload.rs
@@ -29,12 +29,16 @@ use std::future::Future;
 use std::io;
 use std::pin::Pin;
 use std::sync::Arc;
+use std::time::Duration;
 use crate::tls;
 use tokio::net::TcpStream;
+use tokio::time::timeout;
 use tokio_rustls::client;
 use tracing::{debug, trace};
+const TLS_HANDSHAKE_TIMEOUT: u64 = 10;
+
 #[derive(Clone, Debug)]
 pub struct InboundAcceptor {
 provider: F,
@@ -146,12 +150,14 @@ where
 let mut acceptor = self.provider.clone();
 Box::pin(async move {
 let tls = acceptor.fetch_cert(&conn).await?;
- tokio_rustls::TlsAcceptor::from(tls)
+ let tls_accept = tokio_rustls::TlsAcceptor::from(tls)
 .accept(conn)
- .map_err(TlsError::Handshake)
- .await
- })
- }
+ .map_err(TlsError::Handshake);
+ timeout(Duration::from_secs(TLS_HANDSHAKE_TIMEOUT), tls_accept).map_err(move |e| {
+ TlsError::Handshake(e.into())
+ }).await?
+ })
+}
 }
 #[derive(Clone, Debug)]
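Review bot: In the second `src/proxy/pool.rs` hunk the new `debug!` runs before `match err`, so it fires for every `Either::Right((Err(err), checkout))`, including the `err => return Err(err)` arm, where no pooled connection is awaited and the message "connect won, but wait for existing pooled connection to establish" is wrong. Someone triaging connection failures from debug logs would read a real connect error as a benign pool race. Move the call into the matching arm, `Error::PoolAlreadyConnecting => { debug!(?key, "…"); checkout.await? }`, and log the other arm separately if the error type supports it. The enclosing function starts and ends outside the hunk.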
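Review bot: `TLS_HANDSHAKE_TIMEOUT` in the import hunk of `src/tls/workload.rs` is a bare `u64` with no unit in its name and no comment, so the 10 is known to be seconds only from the `Duration::from_secs` calls at its two use sites. Declaring it as `const TLS_HANDSHAKE_TIMEOUT: Duration = Duration::from_secs(10);` keeps the unit in the type and lets both call sites pass it directly. A doc comment such as `/// Upper bound on a TLS handshake (inbound accept and outbound connect) before the connection is dropped.` would record why the bound exists. The value is hard-coded; whether it should come from configuration is a design decision worth stating in the commit.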
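Review bot: In the accept hunk of `src/tls/workload.rs`, an elapsed timer is folded into `TlsError::Handshake(e.into())`, so a peer that stalls the handshake looks the same as one that fails it unless every consumer inspects the wrapped error's kind. A `debug!("inbound TLS handshake timed out")` inside the `map_err` closure (`debug` is already imported) or a dedicated error variant would make stalled handshakes countable. The timer also starts only after `acceptor.fetch_cert(&conn).await?`, so if that call can block, which is not visible here, the connection is still held without a bound. Separately, the closure captures nothing so `move` is unnecessary, and the function's closing brace is added as `+}` at column 0, which looks like a formatting slip. The function signature is outside the hunk.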
@@ -166,7 +172,8 @@ impl OutboundConnector {
 ) -> Result, io::Error> {
 let dest = ServerName::IpAddress(stream.peer_addr().unwrap().ip().into());
 let c = tokio_rustls::TlsConnector::from(self.client_config);
- c.connect(dest, stream).await
+
+ timeout(Duration::from_secs(TLS_HANDSHAKE_TIMEOUT), c.connect(dest, stream)).await?
 }
 }
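Review bot: In the `OutboundConnector` hunk, `.await?` on `timeout(...)` converts `Elapsed` straight into an `io::Error`, so the caller gets a generic timed-out error with nothing saying it was the TLS handshake that stalled. Mapping it explicitly, e.g. `timeout(…).await.map_err(|_| io::Error::new(io::ErrorKind::TimedOut, "outbound TLS handshake timed out"))?`, keeps the kind and adds that context. The context line `stream.peer_addr().unwrap()` still panics if the socket is no longer connected; since the function returns `io::Error`, `stream.peer_addr()?` would propagate the failure instead. The function starts outside the hunk, and the hunk header implies one more trailing context line than is visible here.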