From 10244d3fa88365a3740eb66ccfd9c90f3a866fcd Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Wed, 16 Nov 2016 01:34:19 -0500
Subject: Add OCSP stapling support to TLS client
---
 src/cli/tls_client.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/cli')
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index 8e21e21e5..b6cb43ff9 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -11,6 +11,7 @@

 #include
 #include
+#include
 #include

 #if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
@@ -253,6 +254,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks

 void tls_verify_cert_chain(
 const std::vector& cert_chain,
+ const std::vector>& ocsp,
 const std::vector& trusted_roots,
 Botan::Usage_Type usage,
 const std::string& hostname,
@@ -263,7 +265,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
 Botan::Path_Validation_Restrictions restrictions(true,
 policy.minimum_signature_strength());

- auto ocsp_timeout = std::chrono::milliseconds(300);
+ auto ocsp_timeout = std::chrono::milliseconds(1000);

 Botan::Path_Validation_Result result =
 Botan::x509_path_validate(cert_chain,
@@ -272,7 +274,8 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
 hostname,
 usage,
 std::chrono::system_clock::now(),
- ocsp_timeout);
+ ocsp_timeout,
+ ocsp);

 std::cout << "Certificate validation status: " << result.result_string() << "\n";
 if(result.successful_validation())
--
cgit v1.2.3
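Review bot: The added `ocsp` parameter in the `@@ -253,6 +254,7 @@` hunk changes the signature of `tls_verify_cert_chain`, and the end of the declaration lies outside the hunk, so it cannot be seen whether the function is marked `override`. The class derives from `Botan::TLS::Callbacks`, so this is presumably an override; without the keyword, any mismatch with the base declaration would compile as a new member that the library never calls, and whatever the base class provides would run instead of this verification code. Confirm the declaration ends in `) override`. A name such as `ocsp_responses` would also say more than `ocsp` about what the vector holds, and a one-line comment that these responses are supplied by the peer would help readers.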
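Review bot: The new `std::chrono::milliseconds(1000)` in the `@@ -263,7 +265,7 @@` hunk is an unexplained literal, and the commit message does not say why 300 ms was too short. It is handed to `x509_path_validate` as `ocsp_timeout`, so it presumably bounds a blocking network query made during certificate verification. Give it a reason in place, for example `auto ocsp_timeout = std::chrono::milliseconds(1000); // upper bound for online OCSP queries during path validation`, or take the value from a command-line option. The comment should also say whether the timeout still matters when a stapled response is supplied, which this hunk does not show.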
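Review bot: Nothing in the `@@ -272,7 +274,8 @@` hunk reports whether the peer supplied any stapled responses before `ocsp` is passed to `x509_path_validate`. The printed "Certificate validation status" line therefore reads the same whether revocation data came from a staple or, presumably, from an online query bounded by `ocsp_timeout`. For a diagnostic client, print the count before validating, e.g. `std::cout << "Stapled OCSP responses received: " << ocsp.size() << "\n";`, so a server that does not staple is visible to the user. The body of the `if(result.successful_validation())` branch is outside the hunk, so the handling of a failed validation cannot be reviewed here.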