Signed timestamp error margin

Name

  TIMESTAMP_ERROR_MARGIN

Header file

Configured via config/crypto.h.

Examples

Allow no more than five minutes of error

  #undef TIMESTAMP_ERROR_MARGIN
  #define TIMESTAMP_ERROR_MARGIN ( 5 * 60 )

Allow up to ten years of error

  #undef TIMESTAMP_ERROR_MARGIN
  #define TIMESTAMP_ERROR_MARGIN ( 10 * 365 * 24 * 60 * 60 )

Description

This build option configures the margin of error (in seconds) that will be accepted in any cryptographically signed timestamps (such as X.509 certificate expiry times).

See also

Notes

The default value for TIMESTAMP_ERROR_MARGIN is slightly more than twelve hours: this is intended to allow for the fact that there is no viable way for iPXE to determine its local time zone, and so there may be an error of up to twelve hours in the local system time as determined by iPXE.

You should not reduce TIMESTAMP_ERROR_MARGIN below twelve hours unless you can guarantee that the local system clock will always be set to GMT.

buildcfg/timestamp_error_margin.txt ยท Last modified: 2014/03/30 19:33 by mcb30
Recent changes RSS feed CC Attribution-Share Alike 4.0 International Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL https://ipxe.org
References to "iPXE" may not be altered or removed.