TIMESTAMP_ERROR_MARGIN
Configured via config/crypto.h
.
#undef TIMESTAMP_ERROR_MARGIN #define TIMESTAMP_ERROR_MARGIN ( 5 * 60 )
#undef TIMESTAMP_ERROR_MARGIN #define TIMESTAMP_ERROR_MARGIN ( 10 * 365 * 24 * 60 * 60 )
This build option configures the margin of error (in seconds) that will be accepted in any cryptographically signed timestamps (such as X.509 certificate expiry times).
The default value for TIMESTAMP_ERROR_MARGIN
is slightly more than twelve hours: this is intended to allow for the fact that there is no viable way for iPXE to determine its local time zone, and so there may be an error of up to twelve hours in the local system time as determined by iPXE.
You should not reduce TIMESTAMP_ERROR_MARGIN
below twelve hours unless you can guarantee that the local system clock will always be set to GMT.