1
Author: Graziano Obertelli <graziano@eucalyptus.com>
2
Description: Permit fractional time difference between NC and CC
3
Bug-Ubuntu: http://pad.lv/854946
5
--- a/tools/client-policy-template.xml 2011-03-30 16:44:16 +0000
6
+++ b/tools/client-policy-template.xml 2011-04-07 22:26:08 +0000
8
<rampc:ReceiverCertificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-CERT</rampc:ReceiverCertificate>
9
<rampc:Certificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/CLIENT-CERT</rampc:Certificate>
10
<rampc:PrivateKey>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/CLIENT-KEY</rampc:PrivateKey>
11
+ <rampc:ClockSkewBuffer>20</rampc:ClockSkewBuffer>
12
<!-- <rampc:TimeToLive>14400</rampc:TimeToLive> -->
14
<rampc:User>CLIENT-USERNAME</rampc:User>
16
--- a/tools/service-policy-template.xml 2011-03-30 16:44:16 +0000
17
+++ b/tools/service-policy-template.xml 2011-04-07 22:26:08 +0000
19
<rampc:Certificate>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-CERT</rampc:Certificate>
20
<rampc:PrivateKey>EUCALYPTUS_HOME/var/lib/eucalyptus/keys/SERVER-KEY</rampc:PrivateKey>
21
<!-- <rampc:TimeToLive>14400</rampc:TimeToLive> -->
22
+ <rampc:ClockSkewBuffer>20</rampc:ClockSkewBuffer>
23
</rampc:RampartConfig>
27
--- a/util/euca_axis.c 2011-03-30 16:44:16 +0000
28
+++ b/util/euca_axis.c 2011-04-07 22:26:08 +0000
32
/* Regardless of the location of the Timestamp, verify the one that is signed */
33
- if(AXIS2_FAILURE == rampart_timestamp_token_validate(env, msg_ctx, signed_node, 0)) {
34
+ if(AXIS2_FAILURE == rampart_timestamp_token_validate(env, msg_ctx, signed_node, 20)) {
35
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Validation failed for Timestamp with ID = %s", ref);