* Send a SCEP request via HTTP and wait for a response
*/
bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
- bool http_get_request, chunk_t *response)
+ bool http_get_request, u_int timeout, chunk_t *response)
{
int len;
status_t status;
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_HTTP_VERSION_1_0,
+ FETCH_TIMEOUT, timeout,
FETCH_REQUEST_HEADER, "Pragma:",
FETCH_REQUEST_HEADER, "Host:",
FETCH_REQUEST_HEADER, "Accept:",
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_HTTP_VERSION_1_0,
+ FETCH_TIMEOUT, timeout,
FETCH_REQUEST_DATA, msg,
FETCH_REQUEST_TYPE, "",
FETCH_REQUEST_HEADER, "Expect:",
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_HTTP_VERSION_1_0,
+ FETCH_TIMEOUT, timeout,
FETCH_END);
}
size_t key_size, certificate_t *signer_cert,
hash_algorithm_t digest_alg, private_key_t *private_key);
bool scep_http_request(const char *url, chunk_t message, scep_op_t op,
- bool http_get_request, chunk_t *response);
+ bool http_get_request, u_int timeout, chunk_t *response);
err_t scep_parse_response(chunk_t response, chunk_t transID,
container_t **out, scep_attributes_t *attrs);
/* by default pluto logs out after every smartcard use */
bool pkcs11_keep_state = FALSE;
+/* by default HTTP fetch timeout is 30s */
+static u_int http_timeout = 30;
+
/* options read by optionsfrom */
options_t *options;
" - if no filename is given, default is used\n"
" --optionsfrom (-+) <filename> reads additional options from given file\n"
" --force (-f) force existing file(s)\n"
+ " --httptimeout (-T) timeout for HTTP operations (default: 30s)\n"
"\n"
"Options for key generation (pkcs1):\n"
" --keylength (-k) <bits> key length for RSA key generation\n"
{ "in", required_argument, NULL, 'i' },
{ "out", required_argument, NULL, 'o' },
{ "force", no_argument, NULL, 'f' },
+ { "httptimeout", required_argument, NULL, 'T' },
{ "keylength", required_argument, NULL, 'k' },
{ "dn", required_argument, NULL, 'd' },
{ "days", required_argument, NULL, 'D' },
force = TRUE;
continue;
+ case 'T': /* --httptimeout */
+ http_timeout = atoi(optarg);
+ if (http_timeout <= 0)
+ {
+ usage("invalid httptimeout specified");
+ }
+ continue;
+
case '+': /* --optionsfrom <filename> */
if (!options->from(options, optarg, &argc, &argv, optind))
{
pkcs7_t *pkcs7;
if (!scep_http_request(scep_url, chunk_create(ca_name, strlen(ca_name)),
- SCEP_GET_CA_CERT, http_get_request, &scep_response))
+ SCEP_GET_CA_CERT, http_get_request,
+ http_timeout, &scep_response))
{
exit_scepclient("did not receive a valid scep response");
}
creds->add_cert(creds, TRUE, x509_ca_sig->get_ref(x509_ca_sig));
if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION,
- http_get_request, &scep_response))
+ http_get_request, http_timeout, &scep_response))
{
exit_scepclient("did not receive a valid scep response");
}
exit_scepclient("failed to build scep request");
}
if (!scep_http_request(scep_url, getCertInitial, SCEP_PKI_OPERATION,
- http_get_request, &scep_response))
+ http_get_request, http_timeout, &scep_response))
{
exit_scepclient("did not receive a valid scep response");
}
exit_scepclient(NULL);
return -1; /* should never be reached */
}
-
-
projects / thirdparty / strongswan.git / commitdiff
