From fc638a430c89f01e5eadf3295605cdc3dba78a13 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Mon, 21 Nov 2016 20:50:52 -0500
Subject: Add the documented function for OCSP timeouts

---
 src/lib/tls/tls_callbacks.cpp | 4 +---
 src/lib/tls/tls_callbacks.h   | 9 +++++++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/lib/tls/tls_callbacks.cpp b/src/lib/tls/tls_callbacks.cpp
index 1bf1af6a3..f43890e20 100644
--- a/src/lib/tls/tls_callbacks.cpp
+++ b/src/lib/tls/tls_callbacks.cpp
@@ -35,8 +35,6 @@ void TLS::Callbacks::tls_verify_cert_chain(
    Path_Validation_Restrictions restrictions;
 
-   auto ocsp_timeout = std::chrono::milliseconds(300);
-
    Path_Validation_Result result = x509_path_validate(cert_chain,
                                                       restrictions,
@@ -44,7 +42,7 @@ void TLS::Callbacks::tls_verify_cert_chain(
                                                       (usage == Usage_Type::TLS_SERVER_AUTH ? hostname : ""),
                                                       usage,
                                                       std::chrono::system_clock::now(),
-                                                      ocsp_timeout);
+                                                      tls_verify_cert_chain_ocsp_timeout());
 
    if(!result.successful_validation())
       throw Exception("Certificate validation failure: " + result.result_string());
diff --git a/src/lib/tls/tls_callbacks.h b/src/lib/tls/tls_callbacks.h
index 9de7710f4..db9f9e21d 100644
--- a/src/lib/tls/tls_callbacks.h
+++ b/src/lib/tls/tls_callbacks.h
@@ -123,6 +123,15 @@ class BOTAN_DLL Callbacks
                             Usage_Type usage,
                             const std::string& hostname);
 
+      /**
+       * Called by default `tls_verify_cert_chain` to get the timeout to use for OCSP
+       * requests. Return 0 to disable online OCSP checks.
+       */
+      virtual std::chrono::milliseconds tls_verify_cert_chain_ocsp_timeout() const
+         {
+         return std::chrono::milliseconds(0);
+         }
+
       /**
        * Optional callback: inspect handshake message
        * Throw an exception to abort the handshake.
-- 
cgit v1.2.3
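Review bot: The replaced argument on the `ocsp_timeout` line changes the effective default from a 300 ms online OCSP check to no online check at all, because the new `tls_verify_cert_chain_ocsp_timeout()` returns 0 ms unless an application overrides it, and neither the subject line nor the diff calls that out. Any deployment that relied on the built-in `tls_verify_cert_chain` for revocation checking silently loses it on upgrade; if that is intended it belongs in the commit message and release notes, otherwise the default in the header should stay `return std::chrono::milliseconds(300);`. Whether validation still succeeds when no revocation information is obtained depends on the default-constructed `Path_Validation_Restrictions`, which is not visible in this hunk. The body of `tls_verify_cert_chain` starts before and continues after this hunk.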
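Review bot: The doc comment on the new virtual says how to disable online OCSP but not that the default already does, nor what a non-zero value costs: with a non-zero timeout the default `tls_verify_cert_chain` hands that value to `x509_path_validate`, which presumably contacts the OCSP responder during certificate validation, so a slow or unreachable responder can delay each handshake by up to the timeout. It should also state what happens when the timeout expires, presumably that the response is treated as unavailable rather than as a validation failure, though that is decided in `x509_path_validate` and should be confirmed there. I would extend the comment with lines such as `* The default returns 0, so online OCSP is disabled unless overridden.` and `* A non-zero value allows a blocking OCSP fetch of up to that duration during certificate validation.`. Overriders should also be told that a non-zero value only enables the fetch; whether missing revocation information fails validation is governed by `Path_Validation_Restrictions`, not by this callback.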