[v8] Client timeout fixes (#12633)

* Respect timeout in `(directDial).DialTimeout`

* Add a Timeout to the api/client/webclient calls

* Respect timeout in (proxyDial).DialTimeout

* Applied suggestion

Co-authored-by: Alan Parra <[email protected]>

Co-authored-by: Alan Parra <[email protected]>

api/client/webclient/webclient.go

@@ -30,6 +30,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/gravitational/teleport/api/constants"
 	"github.com/gravitational/teleport/api/defaults"
@@ -59,6 +60,8 @@ type Config struct {
 	ExtraHeaders map[string]string
 	// IgnoreHTTPProxy disables support for HTTP proxying when true.
 	IgnoreHTTPProxy bool
+	// Timeout is a timeout for requests.
+	Timeout time.Duration
 }
 
 // CheckAndSetDefaults checks and sets defaults
@@ -70,7 +73,9 @@ func (c *Config) CheckAndSetDefaults() error {
 	if c.ProxyAddr == "" && os.Getenv(defaults.TunnelPublicAddrEnvar) == "" {
 		return trace.BadParameter(message, "missing parameter ProxyAddr")
 	}
-
+	if c.Timeout == 0 {
+		c.Timeout = defaults.DefaultDialTimeout
+	}
 	return nil
 }
 
@@ -92,6 +97,7 @@ func newWebClient(cfg *Config) (*http.Client, error) {
 	}
 	return &http.Client{
 		Transport: &transport,
+		Timeout:   cfg.Timeout,
 	}, nil
 }
 

lib/utils/proxy/proxy.go

@@ -126,7 +126,9 @@ func (d directDial) DialTimeout(network, address string, timeout time.Duration)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
-		tlsConn, err := tls.Dial("tcp", address, conf)
+		tlsConn, err := tls.DialWithDialer(&net.Dialer{
+			Timeout: timeout,
+		}, "tcp", address, conf)
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
@@ -183,7 +185,12 @@ func (d proxyDial) DialTimeout(network, address string, timeout time.Duration) (
 		if err != nil {
 			return nil, trace.Wrap(err)
 		}
-		conn = tls.Client(conn, conf)
+		tlsConn := tls.Client(conn, conf)
+		if err = tlsConn.HandshakeContext(ctx); err != nil {
+			conn.Close()
+			return nil, trace.Wrap(err)
+		}
+		conn = tlsConn
 	}
 	return conn, nil
 }