authorJack Lloyd <[email protected]>2017-12-16 13:39:59 -0500
committerJack Lloyd <[email protected]>2017-12-17 14:59:21 -0500
commitdc8355ad610634e98c59700540a52523da1ca0d7 (patch)
treea14d7f98bd09463766124295602c3759d75c210f /src/lib/x509
parent9a314557b1e38c63bcf8a404ebf31248a9402015 (diff)
Use HTTP level timeouts instead of polling on the std::future
Diffstat (limited to 'src/lib/x509')
-rw-r--r--src/lib/x509/x509path.cpp29
-rw-r--r--src/lib/x509/x509path.h4
2 files changed, 8 insertions, 25 deletions
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 11bcdbb12..237ac33a5 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -320,7 +320,9 @@ PKIX::check_ocsp_online(const std::vector<std::shared_ptr<const X509_Certificate
auto http = HTTP::POST_sync(subject->ocsp_responder(),
"application/ocsp-request",
- req.BER_encode());
+ req.BER_encode(),
+ /*redirects*/1,
+ timeout);
http.throw_unless_ok();
// Check the MIME type?
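Review bot: The `timeout` passed to `HTTP::POST_sync` here becomes the only bound on how long an OCSP lookup can stall path validation, because the later hunk removes the `wait_for(timeout)` on the future. Whether POST_sync applies it to the whole exchange or separately to connect, each read and the redirected request is not visible in this hunk. If it is per step, a slow responder could hold the call well past `ocsp_timeout`. A short comment at the call would help callers size the value, for example `// timeout is enforced by the HTTP layer; with one redirect the worst case may exceed ocsp_timeout`, adjusted to what POST_sync actually guarantees. The enclosing async task begins above the hunk.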
@@ -330,30 +332,11 @@ PKIX::check_ocsp_online(const std::vector<std::shared_ptr<const X509_Certificate
}
}
- std::vector<std::shared_ptr<const OCSP::Response>> ocsp_responses(ocsp_response_futures.size());
+ std::vector<std::shared_ptr<const OCSP::Response>> ocsp_responses;
- for(size_t pass = 1; pass < 3; ++pass)
+ for(size_t i = 0; i < ocsp_response_futures.size(); ++i)
{
- for(size_t i = 0; i < ocsp_response_futures.size(); ++i)
- {
- try
- {
- if(ocsp_responses[i] == nullptr && ocsp_response_futures[i].valid())
- {
- std::future_status status = ocsp_response_futures[i].wait_for(timeout);
-
- if(status == std::future_status::ready ||
- status == std::future_status::deferred)
- {
- ocsp_responses[i] = ocsp_response_futures[i].get();
- }
- }
- }
- catch(std::exception&)
- {
- // value is default initialized to null, no need to do anything
- }
- }
+ ocsp_responses.push_back(ocsp_response_futures[i].get());
}
return PKIX::check_ocsp(cert_path, ocsp_responses, trusted_certstores, ref_time);
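Review bot: The new loop calls `ocsp_response_futures[i].get()` with no handler, whereas the removed loop caught `std::exception` and left that slot null. If the async task can throw, an unreachable or misbehaving responder now aborts `check_ocsp_online` with an exception instead of passing a null entry to `PKIX::check_ocsp`. The `http.throw_unless_ok()` call in the earlier hunk suggests it can throw, though the full task body is not visible. A certificate naming a dead responder URL could therefore turn a soft OCSP failure into a failed validation call. To keep the previous contract, use `try { ocsp_responses.push_back(ocsp_response_futures[i].get()); } catch(std::exception&) { ocsp_responses.push_back(nullptr); }`; if propagating the exception is intended, state that in a comment and in the function's documentation. The function starts above this hunk.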
diff --git a/src/lib/x509/x509path.h b/src/lib/x509/x509path.h
index 17932c871..6898d0679 100644
--- a/src/lib/x509/x509path.h
+++ b/src/lib/x509/x509path.h
@@ -207,7 +207,7 @@ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate(
* @param hostname if not empty, compared against the DNS name in end_cert
* @param usage if not set to UNSPECIFIED, compared against the key usage in end_cert
* @param validation_time what reference time to use for validation
-* @param ocsp_timeout timeoutput for OCSP operations, 0 disables OCSP check
+* @param ocsp_timeout timeout for OCSP operations, 0 disables OCSP check
* @param ocsp_resp additional OCSP responses to consider (eg from peer)
* @return result of the path validation
*/
@@ -251,7 +251,7 @@ Path_Validation_Result BOTAN_PUBLIC_API(2,0) x509_path_validate(
* @param hostname if not empty, compared against the DNS name in end_certs[0]
* @param usage if not set to UNSPECIFIED, compared against the key usage in end_certs[0]
* @param validation_time what reference time to use for validation
-* @param ocsp_timeout timeoutput for OCSP operations, 0 disables OCSP check
+* @param ocsp_timeout timeout for OCSP operations, 0 disables OCSP check
* @param ocsp_resp additional OCSP responses to consider (eg from peer)
* @return result of the path validation
*/