author | Jack Lloyd <[email protected]> | 2016-11-21 20:50:52 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-23 08:31:07 -0500 |
commit | fc638a430c89f01e5eadf3295605cdc3dba78a13 (patch) | |
tree | 7e486db3d6849f932bf2bcbf8fbd6d1dbc14ffc1 /src/lib/tls | |
parent | 33e855853886193867b32da847b8b77f7bc102ee (diff) |
Add the documented function for OCSP timeouts
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/tls_callbacks.cpp | 4 | ||||
-rw-r--r-- | src/lib/tls/tls_callbacks.h | 9 |
2 files changed, 10 insertions, 3 deletions
diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
index 1bf1af6a3..f43890e20 100644
--- a/src/lib/tls/tls_callbacks.cpp
+++ b/src/lib/tls/tls_callbacks.cpp
@@ -35,8 +35,6 @@ void TLS::Callbacks::tls_verify_cert_chain(
 Path_Validation_Restrictions restrictions;
- auto ocsp_timeout = std::chrono::milliseconds(300);
-
 Path_Validation_Result result =
 x509_path_validate(cert_chain,
 restrictions,
@@ -44,7 +42,7 @@ void TLS::Callbacks::tls_verify_cert_chain(
 (usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),
 usage,
 std::chrono::system_clock::now(),
- ocsp_timeout);
+ tls_verify_cert_chain_ocsp_timeout());
 if(!result.successful_validation())
 throw Exception("Certificate validation failure: " + result.result_string());
diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h
index 9de7710f4..db9f9e21d 100644
--- a/src/lib/tls/tls_callbacks.h
+++ b/src/lib/tls/tls_callbacks.h
@@ -124,6 +124,15 @@ class BOTAN_DLL Callbacks
 const std::string& hostname);
 /**
+ * Called by default `tls_verify_cert_chain` to get the timeout to use for OCSP
+ * requests. Return 0 to disable online OCSP checks.
+ */
+ virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
+ {
+ return std::chrono::milliseconds(0);
+ }
+
+ /**
 * Optional callback: inspect handshake message
 * Throw an exception to abort the handshake.
 * Default simply ignores the message. |
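Review bot: The default body of `tls_verify_cert_chain_ocsp_timeout()` added in tls_callbacks.h returns 0, which by its own comment disables online OCSP checks, whereas the call site in tls_callbacks.cpp (second hunk) passed a hard-coded 300 ms before this change. Applications that rely on the default `tls_verify_cert_chain` and do not override the new callback therefore stop making online revocation checks after upgrading, and neither the commit message nor the doc comment says so. If that is intended, state it in the comment, for example by adding `* The default returns 0, so online OCSP checks are off unless this is overridden.` It would also help to say whether the handshake blocks for up to the returned duration; that looks likely from the call inside `tls_verify_cert_chain`, but it should be confirmed against `x509_path_validate`. The `Callbacks` class body begins and ends outside the hunk.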