Andy Lutomirski <l...@amacapital.net> wrote:

> That being said, are you actually planning on implementing X.509 chain
> validation correctly?  ISTM you can't really do it usefully, as we
> don't even know what time it is when we run this code.

We can't validate certificates based on time.  We've been there, tried that
and patched it out again.  The problem is that we can't trust the system clock
until we've done NTP - and possibly not even then.  A dodgy or unset system
clock can lead to the system not booting, even for installation.

David