Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

adjusted rampartc policy to allow for some clock skew

  • Loading branch information...
commit a7c568425f281404cecf06e5b6d8dcc3d16d2d58 1 parent 9bf8e1a
@rusvika rusvika authored
View
1  tools/client-policy-template.xml
@@ -57,6 +57,7 @@
<rampc:ReceiverCertificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-CERT</rampc:ReceiverCertificate>
<rampc:Certificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/CLIENT-CERT</rampc:Certificate>
<rampc:PrivateKey>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/CLIENT-KEY</rampc:PrivateKey>
+ <rampc:ClockSkewBuffer>20</rampc:ClockSkewBuffer>
<!-- <rampc:TimeToLive>14400</rampc:TimeToLive> -->
<!--
<rampc:User>CLIENT-USERNAME</rampc:User>
View
1  tools/service-policy-template.xml
@@ -60,6 +60,7 @@
<rampc:Certificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-CERT</rampc:Certificate>
<rampc:PrivateKey>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-KEY</rampc:PrivateKey>
<!-- <rampc:TimeToLive>14400</rampc:TimeToLive> -->
+ <rampc:ClockSkewBuffer>20</rampc:ClockSkewBuffer>
</rampc:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
View
2  util/euca_axis.c
@@ -360,7 +360,7 @@ int verify_node(axiom_node_t *signed_node, const axutil_env_t *env, axis2_msg_ct
signed_elems[1] = 1;
/* Regardless of the location of the Timestamp, verify the one that is signed */
- if(AXIS2_FAILURE == rampart_timestamp_token_validate(env, msg_ctx, signed_node, 0)) {
+ if(AXIS2_FAILURE == rampart_timestamp_token_validate(env, msg_ctx, signed_node, 20)) {
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Validation failed for Timestamp with ID = %s", ref);
return 1;
}
Please sign in to comment.
Something went wrong with that request. Please try again.