#13 Clock skew tolerance config option (for timestamp checks)

v1.2.0
closed-accepted
7
2007-08-10
2007-07-26
Kaspar
No

As proposed on the dkim-milter-beta mailing list:

Add a configurable option for setting an allowable clock skew (similar to how it's commonly done in Kerberos), i.e. having

ClockSkew 60

in dkim-filter.conf would be handled by libdkim like so:

--- dkim.c.orig 2007-07-26 06:18:15.000000000 +0200
+++ dkim.c 2007-07-25 15:29:50.000000000 +0200
@@ -1114,7 +1114,7 @@ dkim_sig_future(DKIM_SET *set)

(void) time(&now);

- return (now < signtime);
+ return (now < signtime - clockskew);
}

/*

(dkim_options() would need to support setting this option, in addition to that.) [and dkim_sig_timestampsok needs to be adapted, too, as I noticed in the meantime]

Discussion

    • milestone: 738531 --> v1.2.0
    • assigned_to: nobody --> sm-msk
    • summary: Configurable clock skew config option (for timestamp checks) --> Clock skew tolerance config option (for timestamp checks)
     
    • priority: 5 --> 7
     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    Actually dkim_sig_timestampsok() doesn't need to be changed; it only verifies that:

    a) "t" is present; and
    b) if "x" is present, it is greater than "t"

    However, dkim_sig_expired() does need to be changed.

    This will be present in 2.1.0.

     
    • status: open --> closed-accepted
     
  • Logged In: YES
    user_id=1048957
    Originator: NO

    v2.1.0 released.