]> git.ipfire.org Git - thirdparty/bind9.git/commit
Set the ephemeral certificate's "not before" a short time in the past
authorAram Sargsyan <aram@isc.org>
Tue, 11 Jan 2022 09:07:34 +0000 (09:07 +0000)
committerAram Sargsyan <aram@isc.org>
Tue, 25 Jan 2022 09:09:35 +0000 (09:09 +0000)
commit81d3584116a1f06a5d7e09bb438be4d845378c48
tree672fe6c90edc4006ed3a2b7a0f15ce72b28e7e4e
parent27b709cc7596ae74c99fe740f1e292b4f960e735
Set the ephemeral certificate's "not before" a short time in the past

TLS clients can have their clock a short time in the past which will
result in not being able to validate the certificate.

Setting the "not before" property 5 minutes in the past will
accommodate with some possible clock skew across systems.
lib/isc/tls.c