git://scientific.zcu.cz / jra1mw.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fc8221d)
add MAX_VALIDITY_PERIOD and set maxage to -1 as default value
authorMarcel Poul <marcel.poul@cern.ch>
Fri, 17 Aug 2012 00:31:54 +0000 (00:31 +0000)
committerMarcel Poul <marcel.poul@cern.ch>
Fri, 17 Aug 2012 00:31:54 +0000 (00:31 +0000)
emi.canl.canl-c/src/proxy/sslutils.c patch | blob | blame | history

diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index fbbd03a..97955c0 100644 (file)
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -96,6 +96,8 @@ Description:
 #ifdef USE_PKCS11
 #include "scutils.h"
 #endif
+/* Maximum leeway in validity period: default 5 minutes */
+#define MAX_VALIDITY_PERIOD     (5 * 60)
 
 static int fix_add_entry_asn1_set_param = 0;
 
@@ -2205,6 +2207,8 @@ proxy_verify_callback(
                 c_store = NULL;
             }
         }
+        set_ocsp_skew(ocsp_data, MAX_VALIDITY_PERIOD);
+        set_ocsp_maxage(ocsp_data, -1);
 
         do_ocsp_verify (ocsp_data);
         /* TODO sign key and cert */
jra1mw project from LCG CVS.