From 4507a1f8d540e9ae7c3f947df44e678af75b82c8 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Wed, 8 Dec 2021 11:47:26 +0100
Subject: follow spec wrt tree head age

Allow for 10s of clock drift too.

Bug reported by rgdd.
---
 sigsum-witness.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'sigsum-witness.py')

diff --git a/sigsum-witness.py b/sigsum-witness.py
index 730c6b8..2be3f3a 100755
--- a/sigsum-witness.py
+++ b/sigsum-witness.py
@@ -164,12 +164,13 @@ class TreeHead:
     def timestamp_valid(self, now):
         ts_sec = self.timestamp
         ts_asc = time.ctime(ts_sec)
-        if ts_sec < now - 12 * 3600:
+        acceptable_drift = 10
+        if ts_sec < now - 5 * 60 - acceptable_drift:
             return (ERR_OK,
-                    "WARNING: Tree head timestamp too old: {} ({})".format(ts_sec, ts_asc))
-        if ts_sec > now + 12 * 3600:
+                    "WARNING: Tree head timestamp older than five minutes: {} ({})".format(ts_sec, ts_asc))
+        if ts_sec > now + acceptable_drift:
             return (ERR_OK,
-                    "WARNING: Tree head timestamp too new: {} ({})".format(ts_sec, ts_asc))
+                    "WARNING: Tree head timestamp from the future: {} ({})".format(ts_sec, ts_asc))
 
     def history_valid(self, prev):
         if self.tree_size < prev.tree_size:
-- 
cgit v1.2.3