Signed timestamp error margin



Header file

Configured via config/crypto.h.


Allow no more than five minutes of error

  #define TIMESTAMP_ERROR_MARGIN ( 5 * 60 )

Allow up to ten years of error

  #define TIMESTAMP_ERROR_MARGIN ( 10 * 365 * 24 * 60 * 60 )


This build option configures the margin of error (in seconds) that will be accepted in any cryptographically signed timestamps (such as X.509 certificate expiry times).

See also


The default value for TIMESTAMP_ERROR_MARGIN is slightly more than twelve hours: this is intended to allow for the fact that there is no viable way for iPXE to determine its local time zone, and so there may be an error of up to twelve hours in the local system time as determined by iPXE.

You should not reduce TIMESTAMP_ERROR_MARGIN below twelve hours unless you can guarantee that the local system clock will always be set to GMT.

buildcfg/timestamp_error_margin.txt ยท Last modified: 2014/03/30 19:33 by mcb30
Recent changes RSS feed CC Attribution-Share Alike 4.0 International Driven by DokuWiki
All uses of this content must include an attribution to the iPXE project and the URL
References to "iPXE" may not be altered or removed.