author | Michael Brown <mcb30@ipxe.org> | 2014-03-30 20:07:14 +0100 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2014-03-30 20:08:00 +0100 |
commit | 7c7c95709482c769fb081471f2ff8701dbd5b068 (patch) | |
tree | f4f30b3d4d00794351b5e00cc6da173759d0dec8 /src/crypto/x509.c | |
parent | d90490578d3fe7eca080bb951bebd65bd76bc053 (diff) | |
[crypto] Allow signed timestamp error margin to be configured at build time
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto/x509.c')
-rw-r--r-- | src/crypto/x509.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index fa3614742..87b924c84 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -34,6 +34,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/rootcert.h>
 #include <ipxe/certstore.h>
 #include <ipxe/x509.h>
+#include <config/crypto.h>
 
 /** @file
 *
@@ -1233,12 +1234,12 @@ int x509_check_time ( struct x509_certificate *cert, time_t time ) {
 struct x509_validity *validity = &cert->validity;
 
 /* Check validity period */
- if ( validity->not_before.time > ( time + X509_ERROR_MARGIN_TIME ) ) {
+ if ( validity->not_before.time > ( time + TIMESTAMP_ERROR_MARGIN ) ) {
 DBGC ( cert, "X509 %p \"%s\" is not yet valid (at time %lld)\n",
 cert, x509_name ( cert ), time );
 return -EACCES_EXPIRED;
 }
- if ( validity->not_after.time < ( time - X509_ERROR_MARGIN_TIME ) ) {
+ if ( validity->not_after.time < ( time - TIMESTAMP_ERROR_MARGIN ) ) {
 DBGC ( cert, "X509 %p \"%s\" has expired (at time %lld)\n",
 cert, x509_name ( cert ), time );
 return -EACCES_EXPIRED; |
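Review bot: Nothing in the second hunk bounds `TIMESTAMP_ERROR_MARGIN`, which now comes from `config/crypto.h` and directly widens the window in which `x509_check_time()` accepts a certificate before `not_before` or after `not_after`. A large build-time value would quietly accept long-expired certificates and a negative one would reject valid ones; the header is not shown here, so whether it already guards the value is unknown. Assuming the macro expands to an integer constant expression, a compile-time check next to the new include would make the contract explicit, for example `#if TIMESTAMP_ERROR_MARGIN < 0` / `#error "TIMESTAMP_ERROR_MARGIN must be non-negative"` / `#endif`. The `/* Check validity period */` comment could also say that the configured margin is applied on both sides of the validity period. The body of `x509_check_time()` continues past the end of the hunk.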