boulder

Commit Graph

Author	SHA1	Message	Date
Aaron Gable	e5731a4c23	gRPC: reject request if clock skew is too large (#7686 ) Have our gRPC server interceptor check for excessive clock skew between its own clock and gRPC client clocks. Do this by taking advantage of the client request timestamp that most clients already supply for the purpose of measuring cross-service latency. If the included timestamp is more than 10 minutes from the gRPC server's local time, immediately error out. To keep the integration tests -- which heavily rely on clock manipulation -- working, use build tags to disable this behavior during integration testing. Fixes https://github.com/letsencrypt/boulder/issues/7684	2024-08-29 11:32:24 -07:00

Author

SHA1

Message

Date

Aaron Gable

e5731a4c23

gRPC: reject request if clock skew is too large (#7686 )

Have our gRPC server interceptor check for excessive clock skew between
its own clock and gRPC client clocks. Do this by taking advantage of the
client request timestamp that most clients already supply for the
purpose of measuring cross-service latency. If the included timestamp is
more than 10 minutes from the gRPC server's local time, immediately
error out.

To keep the integration tests -- which heavily rely on clock
manipulation -- working, use build tags to disable this behavior during
integration testing.

Fixes https://github.com/letsencrypt/boulder/issues/7684

2024-08-29 11:32:24 -07:00

1 Commits