libbind ns_sign() and ns_verify() parameter in_timesigned not documented
Mark Andrews
marka at isc.org
Tue Oct 27 00:57:32 UTC 2009
In message <4AE58FD9.8020508 at sun.com>, Stacey Jonathan Marshall writes:
> The tsig manual page description for ns_sign() and ns_verify() include a
> parameter named in_timesigned of type time_t. However there is no
> description of this parameter as there is for the others:
>
> $ less libbind-6.0/doc/tsig.cat3
> TSIG LOCAL TSI
> G
>
> NAME
> ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp,
> ns_verify_tcp_init, ns_find_tsig -- TSIG system
>
> SYNOPSIS
> int
> ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k,
> const u_char *querysig, int querysiglen, u_char *sig, int *siglen,
> time_t in_timesigned);
>
> ...
> int
> ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig,
> int querysiglen, u_char *sig, int *siglen, time_t in_timesigned,
> int nostrip);
>
>
> From a cursory review it does not seem to be used unless error ==
> ns_r_badtime.
> Could someone describe the purpose of parameter?
Theoretically a client can take the bad time response and compute
a time delta and use it to adjust the timestamp in future communications
to the server. This allows the client to correct for clock skew
if it wants.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list