From 73cee29f557aab74e6c1e825a6aaf96749035575 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 16 Mar 2020 14:50:59 +0100
Subject: [PATCH] Make TLS Handshake timeout max 4/5th of timeout

for the query, just like connection setup timeout was, so fallback transport have a chance too when TCP connection setup is less well detectable (as with TCP_FASTOPEN on MacOS).
---
 ChangeLog  | 4 ++++
 src/stub.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index e4d94f3a..a92f667c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
 * 2020-0?-??: Version 1.6.1-rc.1
+  * Make TLS Handshake timeout max 4/5th of timeout for the query,
+    just like connection setup timeout was, so fallback transport
+    have a chance too when TCP connection setup is less well
+    detectable (as with TCP_FASTOPEN on MacOS).
   * Issue #466: Memory leak with retrying queries (for examples
     with search paths). Thanks doublez13.
 
diff --git a/src/stub.c b/src/stub.c
index 15f40dc8..24aa0795 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -984,7 +984,7 @@ tls_do_handshake(getdns_upstream *upstream)
 	int r;
 	while ((r = _getdns_tls_connection_do_handshake(upstream->tls_obj)) != GETDNS_RETURN_GOOD)
 	{
-		uint64_t timeout_tls = _getdns_ms_until_expiry(upstream->expires);
+		uint64_t timeout_tls = _getdns_ms_until_expiry(upstream->expires)/5*4;
 
 		if (timeout_tls < MIN_TLS_HS_TIMEOUT)
 			timeout_tls = MIN_TLS_HS_TIMEOUT;