strongswan/revocation.opt at 974f9c37dfeff2ad2a5ce692784b44c241a22cfa - strongswan - Gitea: Git with a cup of tea

sharpetronics/strongswan

mirror of https://github.com/strongswan/strongswan.git synced 2025-10-04 00:00:14 -04:00

Tobias Brunner 1968615590 revocation: Enforce a (configurable) timeout when fetching OCSP/CRL

Malicious servers could otherwise block the fetching thread indefinitely
after the initial TCP handshake (which has a default timeout of 10s
in the curl and winhttp plugins, the soup plugin actually has a default
overall timeout of 10s).

2022-10-03 10:48:46 +02:00

9 lines

254 B

Plaintext

Raw Blame History

 charon.plugins.revocation.enable_ocsp = yes
 	Whether OCSP validation should be enabled.
 charon.plugins.revocation.enable_crl = yes
 	Whether CRL validation should be enabled.
 charon.plugins.revocation.timeout = 10s
 	Timeout used when fetching OCSP/CRL.