tls flags, proper timeouts

test/configs/tls.conf

@@ -9,6 +9,8 @@ tls {
   cert_file: "./configs/certs/server-cert.pem"
   # Server private key
   key_file:  "./configs/certs/server-key.pem"
+  # Specified time for handshake to complete
+  timeout: 0.25
 }
 
 authorization {

test/tls_test.go

@@ -3,11 +3,15 @@
 package test
 
 import (
+	"bufio"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
+	"net"
+	"strings"
 	"testing"
+	"time"
 
 	"github.com/nats-io/nats"
 )
@@ -129,3 +133,40 @@ func TestTLSClientCertificate(t *testing.T) {
 	nc.Flush()
 	defer nc.Close()
 }
+
+func TestTLSConnectionTimeout(t *testing.T) {
+	srv, opts := RunServerWithConfig("./configs/tls.conf")
+	defer srv.Shutdown()
+
+	// Dial with normal TCP
+	endpoint := fmt.Sprintf("%s:%d", opts.Host, opts.Port)
+	conn, err := net.Dial("tcp", endpoint)
+	if err != nil {
+		t.Fatalf("Could not connect to %q", endpoint)
+	}
+	defer conn.Close()
+
+	// Read deadlines
+	conn.SetReadDeadline(time.Now().Add(time.Second))
+
+	// Read the INFO string.
+	br := bufio.NewReader(conn)
+	info, err := br.ReadString('\n')
+	if err != nil {
+		t.Fatalf("Failed to read INFO - %v", err)
+	}
+	if !strings.HasPrefix(info, "INFO ") {
+		t.Fatalf("INFO response incorrect: %s\n", info)
+	}
+	wait := time.Duration(opts.TLSTimeout * float64(time.Second))
+	time.Sleep(wait)
+	// Read deadlines
+	conn.SetReadDeadline(time.Now().Add(time.Second))
+	tlsErr, err := br.ReadString('\n')
+	if err != nil {
+		t.Fatalf("Error reading error response - %v\n", err)
+	}
+	if !strings.Contains(tlsErr, "-ERR 'Secure Connection - TLS Required") {
+		t.Fatalf("TLS Timeout response incorrect: %q\n", tlsErr)
+	}
+}