authorJack Lloyd <[email protected]>2017-12-16 14:09:01 -0500
committerJack Lloyd <[email protected]>2017-12-17 14:59:21 -0500
commitdb192f099e7cae79c391e2cec3ec26436093dcb1 (patch)
treedecce824516e8e4aa9cac9e47523cbb953a03be5
parent3679787e87482f96164f1fab4320d9ecacf1c6b9 (diff)
Expose timeouts on the freestanding OCSP request utils
-rw-r--r--src/cli/x509.cpp5
-rw-r--r--src/lib/x509/ocsp.cpp13
-rw-r--r--src/lib/x509/ocsp.h17
3 files changed, 27 insertions, 8 deletions
diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp
index eb09eb41d..10e7a1c7f 100644
--- a/src/cli/x509.cpp
+++ b/src/cli/x509.cpp
@@ -117,16 +117,17 @@ BOTAN_REGISTER_COMMAND("cert_info", Cert_Info);
class OCSP_Check final : public Command
{
public:
- OCSP_Check() : Command("ocsp_check subject issuer") {}
+ OCSP_Check() : Command("ocsp_check --timeout=3000 subject issuer") {}
void go() override
{
Botan::X509_Certificate subject(get_arg("subject"));
Botan::X509_Certificate issuer(get_arg("issuer"));
+ std::chrono::milliseconds timeout(get_arg_sz("timeout"));
Botan::Certificate_Store_In_Memory cas;
cas.add_certificate(issuer);
- Botan::OCSP::Response resp = Botan::OCSP::online_check(issuer, subject, &cas);
+ Botan::OCSP::Response resp = Botan::OCSP::online_check(issuer, subject, &cas, timeout);
auto status = resp.status_for(issuer, subject, std::chrono::system_clock::now());
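Review bot: The `--timeout` value reaches `online_check` with no unit in the option name and no range check; `get_arg_sz("timeout")` is converted straight into `std::chrono::milliseconds`. A user who types `--timeout=3` expecting seconds gets a 3 ms limit, and what a value of 0 means is decided by the HTTP layer, which is not visible in this hunk. I would at least state the unit next to the conversion, e.g. `// --timeout is given in milliseconds`, and reject 0 if the HTTP code turns out to treat it as "no limit". The body of `go()` continues past the hunk, so how a timed-out check is reported cannot be judged from here; it should not end up printed as a good certificate status.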
diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp
index cf0c1064b..6d8d66687 100644
--- a/src/lib/x509/ocsp.cpp
+++ b/src/lib/x509/ocsp.cpp
@@ -283,7 +283,8 @@ Certificate_Status_Code Response::status_for(const X509_Certificate& issuer,
Response online_check(const X509_Certificate& issuer,
const BigInt& subject_serial,
const std::string& ocsp_responder,
- Certificate_Store* trusted_roots)
+ Certificate_Store* trusted_roots,
+ std::chrono::milliseconds timeout)
{
if(ocsp_responder.empty())
throw Invalid_Argument("No OCSP responder specified");
@@ -292,7 +293,9 @@ Response online_check(const X509_Certificate& issuer,
auto http = HTTP::POST_sync(ocsp_responder,
"application/ocsp-request",
- req.BER_encode());
+ req.BER_encode(),
+ 1,
+ timeout);
http.throw_unless_ok();
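Review bot: The bare `1` passed to `HTTP::POST_sync` just before `timeout` has no name at the call site. It is presumably the redirect limit, and anyone auditing how far an OCSP request may be redirected has to look up the signature to learn that. Annotate it, e.g. `/*allowable_redirects=*/1,`, or bind it to a named constant. If the timeout applies to each HTTP request separately, a followed redirect could make the whole check take up to twice the caller's limit; that is worth confirming and stating in the documentation of `online_check`. The function body starts and ends outside this hunk.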
@@ -312,7 +315,8 @@ Response online_check(const X509_Certificate& issuer,
Response online_check(const X509_Certificate& issuer,
const X509_Certificate& subject,
- Certificate_Store* trusted_roots)
+ Certificate_Store* trusted_roots,
+ std::chrono::milliseconds timeout)
{
if(subject.issuer_dn() != issuer.subject_dn())
throw Invalid_Argument("Invalid cert pair to OCSP::online_check (mismatched issuer,subject args?)");
@@ -320,7 +324,8 @@ Response online_check(const X509_Certificate& issuer,
return online_check(issuer,
BigInt::decode(subject.serial_number()),
subject.ocsp_responder(),
- trusted_roots);
+ trusted_roots,
+ timeout);
}
#endif
diff --git a/src/lib/x509/ocsp.h b/src/lib/x509/ocsp.h
index 33177dc59..1b780d63f 100644
--- a/src/lib/x509/ocsp.h
+++ b/src/lib/x509/ocsp.h
@@ -11,6 +11,7 @@
#include <botan/cert_status.h>
#include <botan/ocsp_types.h>
#include <botan/x509_dn.h>
+#include <chrono>
namespace Botan {
@@ -164,23 +165,35 @@ class BOTAN_PUBLIC_API(2,0) Response final
#if defined(BOTAN_HAS_HTTP_UTIL)
+/**
+* Makes an online OCSP request via HTTP and returns the OCSP response.
+* @param issuer issuer certificate
+* @param subject_serial the subject's serial number
+* @param ocsp_responder the OCSP responder to query
+* @param trusted_roots trusted roots for the OCSP response
+* @param timeout a timeout on the HTTP request
+* @return OCSP response
+*/
BOTAN_PUBLIC_API(2,1)
Response online_check(const X509_Certificate& issuer,
const BigInt& subject_serial,
const std::string& ocsp_responder,
- Certificate_Store* trusted_roots);
+ Certificate_Store* trusted_roots,
+ std::chrono::milliseconds timeout = std::chrono::milliseconds(3000));
/**
* Makes an online OCSP request via HTTP and returns the OCSP response.
* @param issuer issuer certificate
* @param subject subject certificate
* @param trusted_roots trusted roots for the OCSP response
+* @param timeout a timeout on the HTTP request
* @return OCSP response
*/
BOTAN_PUBLIC_API(2,0)
Response online_check(const X509_Certificate& issuer,
const X509_Certificate& subject,
- Certificate_Store* trusted_roots);
+ Certificate_Store* trusted_roots,
+ std::chrono::milliseconds timeout = std::chrono::milliseconds(3000));
#endif
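Review bot: Adding a parameter to the two exported `online_check` functions changes their mangled names, so the default argument keeps callers source-compatible but not binary-compatible. The `BOTAN_PUBLIC_API(2,1)` and `BOTAN_PUBLIC_API(2,0)` markers are left unchanged, as if the signatures still dated from those releases. If ABI stability within the release series matters, keep the old declarations as thin overloads that forward with the 3000 ms default, and mark the new ones with the current version. The new `@param timeout` lines also omit the unit's effect and the failure mode. I would write something like `@param timeout limit on the HTTP request; if it expires the call fails and no Response is returned` once that behaviour is confirmed, so that callers do not treat an unanswered query as a valid revocation status.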