]> git.ipfire.org Git - thirdparty/strongswan.git/commit
projects / thirdparty / strongswan.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b1e9261) | patch
revocation: Enforce a (configurable) timeout when fetching OCSP/CRL
authorTobias Brunner <tobias@strongswan.org>
Fri, 22 Jul 2022 12:50:41 +0000 (14:50 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 3 Oct 2022 08:48:46 +0000 (10:48 +0200)
commit19686155906ed2e4f113c78d69803d7d0af0e48e
tree8310c90a7a3c4c2da81306db452f19b271a127cetree
parentb1e926148abb14ca90dfa4cf9e5c9c72ed94d7bfcommit | diff
revocation: Enforce a (configurable) timeout when fetching OCSP/CRL

Malicious servers could otherwise block the fetching thread indefinitely
after the initial TCP handshake (which has a default timeout of 10s
in the curl and winhttp plugins, the soup plugin actually has a default
overall timeout of 10s).
conf/plugins/revocation.opt diff | blob | blame | history
src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_fetcher.c diff | blob | blame | history
src/libstrongswan/plugins/files/files_fetcher.c diff | blob | blame | history
src/libstrongswan/plugins/revocation/revocation_validator.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.