From 89a1be09d9747d45b25376028a90a1450ed63cde Mon Sep 17 00:00:00 2001 From: John Crispin Date: Mon, 21 Jul 2025 11:35:47 +0200 Subject: [PATCH] est_client: set 10s as the max timeout when calling the EST server Signed-off-by: John Crispin --- feeds/tip/cloud_discovery/files/usr/bin/est_client | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/feeds/tip/cloud_discovery/files/usr/bin/est_client b/feeds/tip/cloud_discovery/files/usr/bin/est_client index 591e7e01f..535e2a7fa 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/est_client +++ b/feeds/tip/cloud_discovery/files/usr/bin/est_client @@ -78,7 +78,7 @@ function call_est_server(path, cert, target) { if (generate_csr(cert)) return 1; - let ret = system('curl -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7'); + let ret = system('curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7'); if (ret) { ulog(LOG_INFO, 'Failed to request operational certificate\n'); return 1; @@ -125,7 +125,7 @@ function load_operational_ca() { ulog(LOG_INFO, 'Operational CA is present\n'); return 0; } - let ret = system('curl -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7'); + let ret = system('curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7'); if (!ret) ret = p7_too_pem('/tmp/' + cert_prefix + '.ca.nohdr.p7', '/etc/ucentral/' + cert_prefix + '.ca'); if (ret) {