authorJack Lloyd <[email protected]>2016-11-21 20:50:52 -0500
committerJack Lloyd <[email protected]>2016-11-23 08:31:07 -0500
commitfc638a430c89f01e5eadf3295605cdc3dba78a13 (patch)
tree7e486db3d6849f932bf2bcbf8fbd6d1dbc14ffc1 /src/lib/tls
parent33e855853886193867b32da847b8b77f7bc102ee (diff)
Add the documented function for OCSP timeouts
Diffstat (limited to 'src/lib/tls')
-rw-r--r--src/lib/tls/tls_callbacks.cpp4
-rw-r--r--src/lib/tls/tls_callbacks.h9
2 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
index 1bf1af6a3..f43890e20 100644
--- a/src/lib/tls/tls_callbacks.cpp
+++ b/src/lib/tls/tls_callbacks.cpp
@@ -35,8 +35,6 @@ void TLS::Callbacks::tls_verify_cert_chain(
Path_Validation_Restrictions restrictions;
- auto ocsp_timeout = std::chrono::milliseconds(300);
-
Path_Validation_Result result =
x509_path_validate(cert_chain,
restrictions,
@@ -44,7 +42,7 @@ void TLS::Callbacks::tls_verify_cert_chain(
(usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),
usage,
std::chrono::system_clock::now(),
- ocsp_timeout);
+ tls_verify_cert_chain_ocsp_timeout());
if(!result.successful_validation())
throw Exception("Certificate validation failure: " + result.result_string());
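Review bot: With the header's default `tls_verify_cert_chain_ocsp_timeout()` returning 0, the call substituted here means a Callbacks subclass that does not override that method no longer performs the online OCSP fetch that the removed 300 ms local (first hunk of this file) enabled, so revocation checking is silently off on the default path. If keeping the previous behaviour is intended, the base-class default should be `return std::chrono::milliseconds(300);`; if disabling online OCSP by default is deliberate, it is a security-relevant behaviour change that deserves a line in the commit message or release notes. tls_verify_cert_chain begins before this hunk, so it is not visible whether anything else in the function relied on the old local.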
diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h
index 9de7710f4..db9f9e21d 100644
--- a/src/lib/tls/tls_callbacks.h
+++ b/src/lib/tls/tls_callbacks.h
@@ -124,6 +124,15 @@ class BOTAN_DLL Callbacks
const std::string& hostname);
/**
+ * Called by default `tls_verify_cert_chain` to get the timeout to use for OCSP
+ * requests. Return 0 to disable online OCSP checks.
+ */
+ virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
+ {
+ return std::chrono::milliseconds(0);
+ }
+
+ /**
* Optional callback: inspect handshake message
* Throw an exception to abort the handshake.
* Default simply ignores the message.
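Review bot: The new doc comment explains what a return of 0 means but not what the base implementation returns, so a reader of the header cannot tell that online OCSP is disabled unless the method is overridden; add a sentence such as `* The default implementation returns 0, so no online OCSP requests are made unless this is overridden.` It would also help to say that the value is queried on each call to the default tls_verify_cert_chain (as the tls_callbacks.cpp hunk shows) and what, if anything, a negative duration means, since std::chrono::milliseconds is a signed type and the handling of negative values is not visible in this change.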