predate validity time on creation; extent ttl on validation

diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index fe600ec7a6bd89db2397b75e4e4085284636058c..291c58dd82dc78775c4055bdf2d7128d421a2e0c 100644 (file)
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -510,8 +510,9 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow,
    */
   buffer = GNUNET_TIME_relative_divide (epoch_length,
                                         10);
-  ts = GNUNET_TIME_absolute_subtract (ts,
-                                      buffer);
+  exp = GNUNET_TIME_absolute_add (ts, ttl);
+  exp = GNUNET_TIME_absolute_add (exp,
+                                  buffer);
 
   if (0 != GNUNET_TIME_absolute_get_remaining (ts).rel_value_us)
     return GNUNET_NO; /* Not yet valid. */
@@ -519,10 +520,6 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_Pow *pow,
   ts = GNUNET_TIME_absolute_add (ts,
                                  buffer);
 
-  exp = GNUNET_TIME_absolute_add (ts, ttl);
-  exp = GNUNET_TIME_absolute_add (exp,
-                                  buffer);
-
   if (0 == GNUNET_TIME_absolute_get_remaining (exp).rel_value_us)
     return GNUNET_NO; /* expired */
   return GNUNET_YES;
@@ -545,6 +542,13 @@ GNUNET_REVOCATION_pow_init (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
   struct GNUNET_REVOCATION_PowCalculationHandle *pc;
   struct GNUNET_TIME_Absolute ts = GNUNET_TIME_absolute_get ();
 
+  /**
+   * Predate the validity period to prevent rejections due to
+   * unsynchronized clocks
+   */
+  ts = GNUNET_TIME_absolute_subtract (ts,
+                                      GNUNET_TIME_UNIT_WEEKS);
+
   pc = GNUNET_new (struct GNUNET_REVOCATION_PowCalculationHandle);
   pc->pow.timestamp = GNUNET_TIME_absolute_hton (ts);
   pc->pow.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_REVOCATION);