fix: Deny certs with timestamps in the future as well as the past

dfinity / agent-rs

A collection of libraries and tools for building software around the Internet Computer, in Rust.

https://sdk.dfinity.org/

Apache License 2.0

123 stars 76 forks source link

fix: Deny certs with timestamps in the future as well as the past #559

Closed adamspofford-dfinity closed 5 months ago

adamspofford-dfinity commented 5 months ago

Currently we reject certificates that were signed too far in the past; this PR additionally rejects certificates signed too far in the future. Future timestamps indicate a clock mismatch and a timestamp that seems in the future may actually be too far in the past.