Commit ba693499 authored by Vincent Pelletier's avatar Vincent Pelletier

ca: Add clock desynchronisation tolerance.

Issue certificates and revocation lists a few seconds in the past of the
true issuance time, to allow the client to be a bit in the past compared
to the server. Otherwise, the client would receive a "not valid yet"
certificate or CRL, which could crash it (es: caucase-update). Which
normally is intended (so time attacks are noticed), but in this case is
counter-productive.
parent ad67ffb2
Pipeline #24404 failed with stage
in 0 seconds