authorMichael Brown2014-03-30 21:07:14 +0200
committerMichael Brown2014-03-30 21:08:00 +0200
commit7c7c95709482c769fb081471f2ff8701dbd5b068 (patch)
treef4f30b3d4d00794351b5e00cc6da173759d0dec8 /src/crypto/ocsp.c
parent[crypto] Use fingerprint when no common name is available for debug messages (diff)
[crypto] Allow signed timestamp error margin to be configured at build time
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto/ocsp.c')
-rw-r--r--src/crypto/ocsp.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/crypto/ocsp.c b/src/crypto/ocsp.c
index 75d9a092..d4815a1b 100644
--- a/src/crypto/ocsp.c
+++ b/src/crypto/ocsp.c
@@ -30,6 +30,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/base64.h>
#include <ipxe/uri.h>
#include <ipxe/ocsp.h>
+#include <config/crypto.h>
/** @file
*
@@ -923,12 +924,12 @@ int ocsp_validate ( struct ocsp_check *ocsp, time_t time ) {
/* Check OCSP response is valid at the specified time
* (allowing for some margin of error).
*/
- if ( response->this_update > ( time + X509_ERROR_MARGIN_TIME ) ) {
+ if ( response->this_update > ( time + TIMESTAMP_ERROR_MARGIN ) ) {
DBGC ( ocsp, "OCSP %p \"%s\" response is not yet valid (at "
"time %lld)\n", ocsp, x509_name ( ocsp->cert ), time );
return -EACCES_STALE;
}
- if ( response->next_update < ( time - X509_ERROR_MARGIN_TIME ) ) {
+ if ( response->next_update < ( time - TIMESTAMP_ERROR_MARGIN ) ) {
DBGC ( ocsp, "OCSP %p \"%s\" response is stale (at time "
"%lld)\n", ocsp, x509_name ( ocsp->cert ), time );
return -EACCES_STALE;
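Review bot: Both freshness checks in ocsp_validate() now depend on a build-time setting, but nothing at the point of use documents its security trade-off or constrains its value. In the `next_update < ( time - TIMESTAMP_ERROR_MARGIN )` check, a larger margin lengthens the period during which an already-expired OCSP response, possibly one issued before a revocation, is still accepted; a negative value would tighten both checks instead of loosening them. I would extend the existing comment with a line such as `* TIMESTAMP_ERROR_MARGIN comes from config/crypto.h; raising it extends how long an expired response is accepted.` The definition is not visible on this page, so assuming it is a plain integer constant expression, a `#if TIMESTAMP_ERROR_MARGIN < 0` / `#error` guard after the new include would reject a bad configuration at build time. The body of ocsp_validate() starts and ends outside this hunk.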