Add a --httptimeout option to scepclient
This commit is contained in:
Martin Willi
parent
763e86c093
commit
f476ff84f3
3 changed files with 22 additions and 7 deletions
|
|
@ -333,7 +333,7 @@ static char* escape_http_request(chunk_t req)
|
|||
* Send a SCEP request via HTTP and wait for a response
|
||||
*/
|
||||
bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
|
||||
bool http_get_request, chunk_t *response)
|
||||
bool http_get_request, u_int timeout, chunk_t *response)
|
||||
{
|
||||
int len;
|
||||
status_t status;
|
||||
|
|
@ -361,6 +361,7 @@ bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
|
|||
|
||||
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
|
||||
FETCH_HTTP_VERSION_1_0,
|
||||
FETCH_TIMEOUT, timeout,
|
||||
FETCH_REQUEST_HEADER, "Pragma:",
|
||||
FETCH_REQUEST_HEADER, "Host:",
|
||||
FETCH_REQUEST_HEADER, "Accept:",
|
||||
|
|
@ -375,6 +376,7 @@ bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
|
|||
|
||||
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
|
||||
FETCH_HTTP_VERSION_1_0,
|
||||
FETCH_TIMEOUT, timeout,
|
||||
FETCH_REQUEST_DATA, msg,
|
||||
FETCH_REQUEST_TYPE, "",
|
||||
FETCH_REQUEST_HEADER, "Expect:",
|
||||
|
|
@ -403,6 +405,7 @@ bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
|
|||
|
||||
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
|
||||
FETCH_HTTP_VERSION_1_0,
|
||||
FETCH_TIMEOUT, timeout,
|
||||
FETCH_END);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
|
|||
size_t key_size, certificate_t *signer_cert,
|
||||
hash_algorithm_t digest_alg, private_key_t *private_key);
|
||||
bool scep_http_request(const char *url, chunk_t message, scep_op_t op,
|
||||
bool http_get_request, chunk_t *response);
|
||||
bool http_get_request, u_int timeout, chunk_t *response);
|
||||
err_t scep_parse_response(chunk_t response, chunk_t transID,
|
||||
container_t **out, scep_attributes_t *attrs);
|
||||
|
||||
|
|
|
|||
|
|
@ -113,6 +113,9 @@ long crl_check_interval = 0;
|
|||
/* by default pluto logs out after every smartcard use */
|
||||
bool pkcs11_keep_state = FALSE;
|
||||
|
||||
/* by default HTTP fetch timeout is 30s */
|
||||
static u_int http_timeout = 30;
|
||||
|
||||
/* options read by optionsfrom */
|
||||
options_t *options;
|
||||
|
||||
|
|
@ -344,6 +347,7 @@ static void usage(const char *message)
|
|||
" - if no filename is given, default is used\n"
|
||||
" --optionsfrom (-+) <filename> reads additional options from given file\n"
|
||||
" --force (-f) force existing file(s)\n"
|
||||
" --httptimeout (-T) timeout for HTTP operations (default: 30s)\n"
|
||||
"\n"
|
||||
"Options for key generation (pkcs1):\n"
|
||||
" --keylength (-k) <bits> key length for RSA key generation\n"
|
||||
|
|
@ -518,6 +522,7 @@ int main(int argc, char **argv)
|
|||
{ "in", required_argument, NULL, 'i' },
|
||||
{ "out", required_argument, NULL, 'o' },
|
||||
{ "force", no_argument, NULL, 'f' },
|
||||
{ "httptimeout", required_argument, NULL, 'T' },
|
||||
{ "keylength", required_argument, NULL, 'k' },
|
||||
{ "dn", required_argument, NULL, 'd' },
|
||||
{ "days", required_argument, NULL, 'D' },
|
||||
|
|
@ -662,6 +667,14 @@ int main(int argc, char **argv)
|
|||
force = TRUE;
|
||||
continue;
|
||||
|
||||
case 'T': /* --httptimeout */
|
||||
http_timeout = atoi(optarg);
|
||||
if (http_timeout <= 0)
|
||||
{
|
||||
usage("invalid httptimeout specified");
|
||||
}
|
||||
continue;
|
||||
|
||||
case '+': /* --optionsfrom <filename> */
|
||||
if (!options->from(options, optarg, &argc, &argv, optind))
|
||||
{
|
||||
|
|
@ -939,7 +952,8 @@ int main(int argc, char **argv)
|
|||
pkcs7_t *pkcs7;
|
||||
|
||||
if (!scep_http_request(scep_url, chunk_create(ca_name, strlen(ca_name)),
|
||||
SCEP_GET_CA_CERT, http_get_request, &scep_response))
|
||||
SCEP_GET_CA_CERT, http_get_request,
|
||||
http_timeout, &scep_response))
|
||||
{
|
||||
exit_scepclient("did not receive a valid scep response");
|
||||
}
|
||||
|
|
@ -1317,7 +1331,7 @@ int main(int argc, char **argv)
|
|||
creds->add_cert(creds, TRUE, x509_ca_sig->get_ref(x509_ca_sig));
|
||||
|
||||
if (!scep_http_request(scep_url, pkcs7, SCEP_PKI_OPERATION,
|
||||
http_get_request, &scep_response))
|
||||
http_get_request, http_timeout, &scep_response))
|
||||
{
|
||||
exit_scepclient("did not receive a valid scep response");
|
||||
}
|
||||
|
|
@ -1367,7 +1381,7 @@ int main(int argc, char **argv)
|
|||
exit_scepclient("failed to build scep request");
|
||||
}
|
||||
if (!scep_http_request(scep_url, getCertInitial, SCEP_PKI_OPERATION,
|
||||
http_get_request, &scep_response))
|
||||
http_get_request, http_timeout, &scep_response))
|
||||
{
|
||||
exit_scepclient("did not receive a valid scep response");
|
||||
}
|
||||
|
|
@ -1458,5 +1472,3 @@ int main(int argc, char **argv)
|
|||
exit_scepclient(NULL);
|
||||
return -1; /* should never be reached */
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue