summaryrefslogtreecommitdiffstats
path: root/crypto/ct
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/ct')
-rw-r--r--crypto/ct/ct_policy.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c
index 1bc22749d3..adee331366 100644
--- a/crypto/ct/ct_policy.c
+++ b/crypto/ct/ct_policy.c
@@ -17,6 +17,12 @@
#include "ct_locl.h"
+// Number of seconds in the future that an SCT timestamp can be, by default,
+// without being considered invalid. This is added to time() when setting a
+// default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
+// It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
+static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
+
CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
{
CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
@@ -27,7 +33,7 @@ CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
}
// time(NULL) shouldn't ever fail, so don't bother checking for -1.
- ctx->epoch_time_in_ms = time(NULL) * 1000;
+ ctx->epoch_time_in_ms = (time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * 1000;
return ctx;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 19:17:40 +0000