nts: allow disabling certificate time checks

Add "nocerttimecheck" directive to specify the number of clock updates
that need to be made before the time validation of certificates is
enabled. This makes NTS usable on machines that don't have an RTC.
Miroslav Lichvar
2020-04-16 16:08:43 +02:00
parent 2775846db7
commit eace93f2af
4 changed files with 44 additions and 1 deletions

13
conf.c

@@ -235,6 +235,9 @@ static int nts_refresh = 2419200; /* 4 weeks */
static int nts_rotate = 604800; /* 1 week */
static char *nts_trusted_cert_file = NULL;
/* Number of clock updates needed to enable certificate time checks */
static int no_cert_time_check = 0;
/* Flag disabling use of system trusted certificates */
static int no_system_cert = 0;
@@ -545,6 +548,8 @@ CNF_ParseLine(const char *filename, int number, char *line)
parse_int(p, &min_samples);
} else if (!strcasecmp(command, "minsources")) {
parse_int(p, &min_sources);
} else if (!strcasecmp(command, "nocerttimecheck")) {
parse_int(p, &no_cert_time_check);
} else if (!strcasecmp(command, "noclientlog")) {
no_client_log = parse_null(p);
} else if (!strcasecmp(command, "nosystemcert")) {
@@ -2158,3 +2163,11 @@ CNF_GetNoSystemCert(void)
{
return no_system_cert;
}
/* ================================================== */
int
CNF_GetNoCertTimeCheck(void)
{
return no_cert_time_check;
}
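Review bot: The `nocerttimecheck` branch in CNF_ParseLine stores whatever integer `parse_int(p, &no_cert_time_check)` yields, so a negative or very large count is accepted without any diagnostic. Because this value decides how long certificate validity-period checks stay switched off, I would reject out-of-range values at parse time through the file's usual parse-error path, e.g. guard with `if (no_cert_time_check < 0)` right after the parse_int call. The comment on the variable should also say what is given up, along the lines of `/* Number of clock updates needed to enable certificate time checks; until then expired or not-yet-valid certificates are presumably accepted */`. How the NTS code that reads CNF_GetNoCertTimeCheck() treats a negative value is not visible in this section, and CNF_ParseLine starts and ends outside the hunk.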