#21420: Link certificate start date in the future --------------------------+------------------------------------ Reporter: mmcloughlin | Owner: nickm Type: defect | Status: needs_revision Priority: Medium | Milestone: Tor: 0.3.0.x-final Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: 029-backport | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------+------------------------------------ Changes (by dgoulet):
* status: needs_review => needs_revision Comment: This comment, I can't understand the why nor the what (starting at the "instead"): {{{ /* Our certificate lifetime will be cert_lifetime no matter what, but if we * start cert_lifetime in the past, we'll have 0 real lifetime. instead we * start up to (cert_lifetime - min_real_lifetime - start_granularity) in * the past. */ }}} I do understand that we absolutely want "cert_lifetime" but then the explanation for how we do that is confusing to me. We "start up to" what exactly? and what is this "in the past"? Trying to understand: we use the lifetime value we want minus some values which are the minimum real lifetime (basically the minimum allowed for lifetime of a cert?) and then a "granularity" that I don't know why we use that. I see this comment `Lastly, be sure to start on a day boundary.` but no why. And then the code is kind of the same thing but intuitively is reverse :). {{{ time_t earliest_start_time = now - cert_lifetime + min_real_lifetime + start_granularity; }}} The math aren't that difficult but are easily confusing especially with a lifetime concept so I would really love to see a unit test testing the boundaries. And this whole snippet of code could even be extracted in a separate function for clarity, documentation and easier testing. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21420#comment:8> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs