From d0a510664b71a24006774450d6326a09c399245e Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews
Date: Mon, 23 Apr 2018 06:24:23 -0700
Subject: [PATCH] Remove Timeout field from VA's http.Client. (#3661)
This field was set to singleDialTimeout, but the net/http library treats it as covering all of dial, write headers, and read headers and body. Since http01Dialer also uses singleDialTimeout, there's a race between http01Dialer and net/http to see who will time out first. The result is that sometimes we give "Timeout after connect" when the error really should be "Timeout during connect." This issue also inhibits IPv6 to IPv4 fallback, and tickles a data race that was causing a rare panic in VA: https://github.com/letsencrypt/boulder/issues/3109. After this change, the overall HTTP request will get the full deadline allowed by the RPC context. The dialer will continue to use singleDialTimeout for each of its two possible dial attempts.
---
 va/va.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/va/va.go b/va/va.go
index a1d66d5aa..b9bee98f8 100644
--- a/va/va.go
+++ b/va/va.go
@@ -431,7 +431,6 @@ func (va *ValidationAuthorityImpl) fetchHTTP(ctx context.Context, identifier cor
 client := http.Client{
 Transport: tr,
 CheckRedirect: logRedirect,
- Timeout: singleDialTimeout,
 }
 httpResponse, err := client.Do(httpRequest)
 // Append a validation record now that we have dialed the dialer
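Review bot: With `Timeout` removed from the `http.Client` literal, nothing visible in this hunk bounds the whole exchange with the remote server, so the overall deadline now depends on `ctx` being attached to `httpRequest`, which is built outside the hunk and cannot be checked here. Since this client appears to fetch from hosts named by the party being validated, a server that accepts the connection and then sends headers or body very slowly would otherwise keep the request open, so it is worth confirming the request carries `ctx` (for example via `httpRequest.WithContext(ctx)`) and that a test covers a slow-response server. I would also add a comment above the literal so the field is not restored later: `// No Timeout here: the overall deadline comes from ctx on httpRequest; the dialer applies singleDialTimeout per dial attempt.` fetchHTTP starts and ends outside the hunk.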