sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-01-02 09:52:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Allow signed timestamp error margin to be configured at build time

Browse Source 
Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2014-03-30 20:07:14 +01:00
parent d90490578d
commit 7c7c957094
4 changed files with 28 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/crypto/ocsp.c
View File

@@ -30,6 +30,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/base64.h>
#include <ipxe/uri.h>
#include <ipxe/ocsp.h>
#include <config/crypto.h>
/** @file
*
@@ -923,12 +924,12 @@ int ocsp_validate ( struct ocsp_check *ocsp, time_t time ) {
/* Check OCSP response is valid at the specified time
* (allowing for some margin of error).
*/
if ( response->this_update > ( time + X509_ERROR_MARGIN_TIME ) ) {
if ( response->this_update > ( time + TIMESTAMP_ERROR_MARGIN ) ) {
DBGC ( ocsp, "OCSP %p \"%s\" response is not yet valid (at "
"time %lld)\n", ocsp, x509_name ( ocsp->cert ), time );
return -EACCES_STALE;
}
if ( response->next_update < ( time - X509_ERROR_MARGIN_TIME ) ) {
if ( response->next_update < ( time - TIMESTAMP_ERROR_MARGIN ) ) {
DBGC ( ocsp, "OCSP %p \"%s\" response is stale (at time "
"%lld)\n", ocsp, x509_name ( ocsp->cert ), time );
return -EACCES_STALE;