Don't hard-code the TLS connect timeout, use normal connect timeout.

For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_timeout setting.

logsrvd/logsrvd_relay.c

@@ -285,6 +285,7 @@ connect_relay_tls(struct connection_closure *closure)
     if (tls_client->tls_connect_ev == NULL)
         goto bad;
     tls_client->peer_name = &closure->relay_closure->relay_name;
+    tls_client->connect_timeout = *logsrvd_conf_relay_connect_timeout();
     tls_client->start_fn = tls_client_start_fn;
     if (!tls_ctx_client_setup(ssl_ctx, closure->relay_closure->sock, tls_client))
         goto bad;

logsrvd/sendlog.c

@@ -1441,6 +1441,7 @@ client_closure_alloc(int sock, struct sudo_event_base *base,
 	closure->tls_client.evbase = base;
 	closure->tls_client.parent_closure = closure;
 	closure->tls_client.peer_name = &server_info;
+	closure->tls_client.connect_timeout.tv_sec = TLS_HANDSHAKE_TIMEO_SEC;
 	closure->tls_client.start_fn = tls_start_fn;
     }
 #endif

logsrvd/tls_client.c

@@ -50,8 +50,6 @@
 #include "logsrv_util.h"
 #include "tls_common.h"
 
-#define TLS_HANDSHAKE_TIMEO_SEC 10
-
 #if defined(HAVE_OPENSSL)
 
 /*
@@ -104,7 +102,7 @@ tls_connect_cb(int sock, int what, void *v)
 {
     struct tls_client_closure *tls_client = v;
     struct sudo_event_base *evbase = tls_client->evbase;
-    struct timespec timeo = { TLS_HANDSHAKE_TIMEO_SEC, 0 };
+    const struct timespec *timeout = &tls_client->connect_timeout;
     const char *errstr;
     int con_stat;
     debug_decl(tls_connect_cb, SUDO_DEBUG_UTIL);
@@ -134,7 +132,7 @@ tls_connect_cb(int sock, int what, void *v)
 			goto bad;
 		    }
 		}
-                if (sudo_ev_add(evbase, tls_client->tls_connect_ev, &timeo, false) == -1) {
+                if (sudo_ev_add(evbase, tls_client->tls_connect_ev, timeout, false) == -1) {
                     sudo_warnx("%s", U_("unable to add event to queue"));
 		    goto bad;
                 }
@@ -150,7 +148,7 @@ tls_connect_cb(int sock, int what, void *v)
 			goto bad;
 		    }
 		}
-                if (sudo_ev_add(evbase, tls_client->tls_connect_ev, &timeo, false) == -1) {
+                if (sudo_ev_add(evbase, tls_client->tls_connect_ev, timeout, false) == -1) {
                     sudo_warnx("%s", U_("unable to add event to queue"));
 		    goto bad;
                 }

logsrvd/tls_common.h

@@ -30,6 +30,7 @@ struct tls_client_closure {
     struct sudo_event_base *evbase;	/* duplicated */
     struct sudo_event *tls_connect_ev;
     struct peer_info *peer_name;
+    struct timespec connect_timeout;
     bool (*start_fn)(struct tls_client_closure *);
     bool tls_connect_state;
 };

plugins/sudoers/log_client.c

@@ -89,7 +89,7 @@ connect_cb(int sock, int what, void *v)
  */
 static int
 timed_connect(int sock, const struct sockaddr *addr, socklen_t addrlen,
-    const struct timespec *timo)
+    const struct timespec *timeout)
 {
     struct sudo_event_base *evbase = NULL;
     struct sudo_event *connect_event = NULL;
@@ -105,7 +105,7 @@ timed_connect(int sock, const struct sockaddr *addr, socklen_t addrlen,
 	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 	    goto done;
 	}
-	if (sudo_ev_add(evbase, connect_event, timo, false) == -1) {
+	if (sudo_ev_add(evbase, connect_event, timeout, false) == -1) {
 	    sudo_warnx("%s", U_("unable to add event to queue"));
 	    goto done;
 	}
@@ -280,6 +280,7 @@ struct tls_connect_closure {
     SSL *ssl;
     const char *host;
     const char *port;
+    const struct timespec *timeout;
     struct sudo_event_base *evbase;
     struct sudo_event *tls_connect_ev;
 };
@@ -288,7 +289,7 @@ static void
 tls_connect_cb(int sock, int what, void *v)
 {
     struct tls_connect_closure *closure = v;
-    struct timespec timeo = { 10, 0 };
+    const struct timespec *timeout = closure->timeout;
     int tls_con;
     debug_decl(tls_connect_cb, SUDOERS_DEBUG_UTIL);
 
@@ -320,7 +321,7 @@ tls_connect_cb(int sock, int what, void *v)
 		    }
 		}
 		if (sudo_ev_add(closure->evbase, closure->tls_connect_ev,
-			&timeo, false) == -1) {
+			timeout, false) == -1) {
                     sudo_warnx("%s", U_("unable to add event to queue"));
 		    goto bad;
                 }
@@ -336,7 +337,7 @@ tls_connect_cb(int sock, int what, void *v)
 		    }
 		}
 		if (sudo_ev_add(closure->evbase, closure->tls_connect_ev,
-			&timeo, false) == -1) {
+			timeout, false) == -1) {
                     sudo_warnx("%s", U_("unable to add event to queue"));
 		    goto bad;
                 }
@@ -364,7 +365,7 @@ bad:
 
 static bool
 tls_timed_connect(SSL *ssl, const char *host, const char *port,
-    const struct timespec *timo)
+    const struct timespec *timeout)
 {
     struct tls_connect_closure closure;
     debug_decl(tls_timed_connect, SUDOERS_DEBUG_UTIL);
@@ -373,6 +374,7 @@ tls_timed_connect(SSL *ssl, const char *host, const char *port,
     closure.ssl = ssl;
     closure.host = host;
     closure.port = port;
+    closure.timeout = timeout;
     closure.evbase = sudo_ev_base_alloc();
     closure.tls_connect_ev = sudo_ev_alloc(SSL_get_fd(ssl),
         SUDO_PLUGIN_EV_WRITE, tls_connect_cb, &closure);
@@ -382,7 +384,7 @@ tls_timed_connect(SSL *ssl, const char *host, const char *port,
 	goto done;
     }
 
-    if (sudo_ev_add(closure.evbase, closure.tls_connect_ev, timo, false) == -1) {
+    if (sudo_ev_add(closure.evbase, closure.tls_connect_ev, timeout, false) == -1) {
 	sudo_warnx("%s", U_("unable to add event to queue"));
 	goto done;
     }
@@ -410,7 +412,7 @@ static int
 connect_server(const char *host, const char *port, bool tls,
     struct client_closure *closure, const char **reason)
 {
-    const struct timespec *timo = &closure->log_details->server_timeout;
+    const struct timespec *timeout = &closure->log_details->server_timeout;
     struct addrinfo hints, *res, *res0;
     const char *addr, *cause = NULL;
     int error, sock = -1;
@@ -471,7 +473,7 @@ connect_server(const char *host, const char *port, bool tls,
                 continue;
             }
         }
-	if (timed_connect(sock, res->ai_addr, res->ai_addrlen, timo) == -1) {
+	if (timed_connect(sock, res->ai_addr, res->ai_addrlen, timeout) == -1) {
 	    /* No need to set cause, caller's error message is sufficient. */
 	    save_errno = errno;
 	    close(sock);
@@ -524,7 +526,7 @@ connect_server(const char *host, const char *port, bool tls,
                 continue;
             }
             /* Perform TLS handshake. */
-            if (!tls_timed_connect(closure->ssl, host, port, timo)) {
+            if (!tls_timed_connect(closure->ssl, host, port, timeout)) {
                 cause = U_("TLS handshake was unsuccessful");
                 save_errno = errno;
                 close(sock);