There's a very useful -timeout option in the ocsp utility which is not mentioned in the manpage or the help output.
diff --git a/apps/ocsp.c b/apps/ocsp.c index 902546f..0c6579d 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -650,6 +650,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n"); BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n"); BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n"); + BIO_printf (bio_err, "-timeout n timeout connection to OCSP responder after n seconds\n"); goto end; } diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 9758474..296b13c 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -159,6 +159,10 @@ if the B<host> option is present then the OCSP request is sent to the host B<hostname> on port B<port>. B<path> specifies the HTTP path name to use or "/" by default. +=item B<-timeout seconds> + +connection timeout to the OCSP responder in seconds + =item B<-CAfile file>, B<-CApath pathname> file or pathname containing trusted CA certificates. These are used to verify
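Review bot: the new -timeout usage line in apps/ocsp.c does not say what happens when the option is omitted, while the -nrequest line two lines above it states its default ("default unlimited"). Suggest stating the default in the same style, and rewording "timeout connection to OCSP responder after n seconds" so it reads as a description, for example "time out the connection to the OCSP responder after n seconds".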
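Review bot: in doc/apps/ocsp.pod the new B<-timeout seconds> item says only "connection timeout to the OCSP responder in seconds", which leaves open whether the limit covers establishing the connection only or also waiting for the response, and what the behaviour is without the option. Suggest spelling out both in the item text, and using one argument name across the two files (the usage text in apps/ocsp.c calls it "n", the POD calls it "seconds").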