In message 4ae58fd9.8020...@sun.com, Stacey Jonathan Marshall writes:
The tsig manual page description for ns_sign() and ns_verify() include a
parameter named in_timesigned of type time_t. However there is no
description of this parameter as there is for the others:
$ less libbind-6.0/doc/tsig.cat3
TSIG LOCALTSI
G
NAME
ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp,
ns_verify_tcp_init, ns_find_tsig -- TSIG system
SYNOPSIS
int
ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k,
const u_char *querysig, int querysiglen, u_char *sig, int *siglen,
time_t in_timesigned);
...
int
ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig,
int querysiglen, u_char *sig, int *siglen, time_t in_timesigned,
int nostrip);
From a cursory review it does not seem to be used unless error ==
ns_r_badtime.
Could someone describe the purpose of parameter?
Theoretically a client can take the bad time response and compute
a time delta and use it to adjust the timestamp in future communications
to the server. This allows the client to correct for clock skew
if it wants.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users