b5b9698fbf
Client side period validation of certificates should not be fatal, as local clock skews are not so uncommon. The validation should be left to the running servers. - Remove this validation from TryLoadCertFromDisk(). - Add a new function ValidateCertPeriod(), that can be used for this purpose on demand. - In phases/certs add a new function CheckCertificatePeriodValidity() that will print warnings if a certificate does not pass period validation, and caches certificates that were already checked. - Use the function in a number of places where certificates are loaded from disk. |
||
|---|---|---|
| .. | ||
| BUILD | ||
| pki_helpers_test.go | ||
| pki_helpers.go | ||