diff options
author | Rob Percival <robpercival@google.com> | 2016-09-12 10:28:21 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-11-15 16:12:41 -0500 |
commit | 1871a5aa8a538c2b8ac3d302c1e9e72867f5ee0f (patch) | |
tree | 2822832d6d469ab7044b702f10eaee7dbe73a577 /include | |
parent | 333c2e43729a92cf37d4bd12d6a3531b4bd7e1da (diff) | |
download | openssl-1871a5aa8a538c2b8ac3d302c1e9e72867f5ee0f.tar.gz |
Reword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time
Do not call the time "current", as a different time can be provided.
For example, a time slightly in the future, to provide tolerance for
CT logs with a clock that is running fast.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ct.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/include/openssl/ct.h b/include/openssl/ct.h index d001fc9b49..bf29fbabe0 100644 --- a/include/openssl/ct.h +++ b/include/openssl/ct.h @@ -106,9 +106,9 @@ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); /* - * Sets the current time, in milliseconds since the Unix epoch. - * The timestamps of the SCTs will be compared to this, to check that they were - * not issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs * whose timestamp is in the future", so an SCT will not validate in this case. */ void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); |