From 7b54601c95e9993f43bc16cf195d679af0964f67 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Fri, 17 Aug 2012 00:31:54 +0000
Subject: [PATCH] add MAX_VALIDITY_PERIOD and set maxage to -1 as default value
---
 emi.canl.canl-c/src/proxy/sslutils.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index fbbd03a..97955c0 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -96,6 +96,8 @@ Description:
 #ifdef USE_PKCS11
 #include "scutils.h"
 #endif
+/* Maximum leeway in validity period: default 5 minutes */
+#define MAX_VALIDITY_PERIOD (5 * 60)
 static int fix_add_entry_asn1_set_param = 0;
@@ -2205,6 +2207,8 @@ proxy_verify_callback(
 c_store = NULL;
 }
 }
+ set_ocsp_skew(ocsp_data, MAX_VALIDITY_PERIOD);
+ set_ocsp_maxage(ocsp_data, -1);
 do_ocsp_verify (ocsp_data);
 /* TODO sign key and cert */
-- 
1.8.2.3
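Review bot: The name `MAX_VALIDITY_PERIOD` added in the first hunk of sslutils.c does not describe what the constant is used for: its own comment calls it a leeway, and the second hunk passes it to `set_ocsp_skew`, so it reads as a clock-skew tolerance rather than a validity period. The unit is also left implicit; `(5 * 60)` together with "5 minutes" suggests seconds, but neither the name nor the comment says so. A name along the lines of `OCSP_MAX_SKEW_SECS`, or at least a comment such as `/* Clock-skew tolerance in seconds allowed when checking OCSP response times */`, would keep a later reader from mistaking it for a limit on certificate or proxy lifetime.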
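Review bot: The literal `-1` passed to `set_ocsp_maxage` in the second hunk (proxy_verify_callback) is undocumented, and if it follows the OpenSSL `OCSP_check_validity` convention it switches the maximum-age check off altogether. In that case the freshness of a response rests only on its nextUpdate field plus the 5-minute skew, and a response without nextUpdate would presumably be accepted however old it is, which weakens revocation checking. Consider a named constant with a comment such as `/* -1: no max-age limit; freshness is bounded only by nextUpdate and the skew */`, or a finite default that callers can override. The result of `do_ocsp_verify` is not used on the visible line and the body of proxy_verify_callback continues outside the hunk, so whether a failed OCSP check actually rejects the chain cannot be judged from here.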