strongswan/revocation.opt at 5005c2e4ab0cb0f6f456e8425f3d6d5c4313c17e - strongswan - Gitea: Git with a cup of tea

sharpetronics/strongswan

mirror of https://github.com/strongswan/strongswan.git synced 2025-11-04 00:00:51 -05:00

Tobias Brunner 1968615590 revocation: Enforce a (configurable) timeout when fetching OCSP/CRL

Malicious servers could otherwise block the fetching thread indefinitely
after the initial TCP handshake (which has a default timeout of 10s
in the curl and winhttp plugins, the soup plugin actually has a default
overall timeout of 10s).

2022-10-03 10:48:46 +02:00

9 lines

254 B

Plaintext

Raw Blame History

 charon.plugins.revocation.enable_ocsp = yes
 	Whether OCSP validation should be enabled.
 charon.plugins.revocation.enable_crl = yes
 	Whether CRL validation should be enabled.
 charon.plugins.revocation.timeout = 10s
 	Timeout used when fetching OCSP/CRL.