From f9078993583af856a485408d0e4a6df640d332c0 Mon Sep 17 00:00:00 2001
From: Seth Schoen <schoen@eff.org>
Date: Thu, 12 Jul 2012 12:38:13 -0700
Subject: [PATCH] slight tolerance for requests timestamped in the future

---
 server-ca/chocolate.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/server-ca/chocolate.py b/server-ca/chocolate.py
index 9790defb6..c57265e7b 100755
--- a/server-ca/chocolate.py
+++ b/server-ca/chocolate.py
@@ -211,8 +211,11 @@ class session(object):
         if not all([safe("recipient", recipient), safe("csr", csr)]):
             self.die(r, r.BadRequest, uri="https://ca.example.com/failures/illegalcharacter")
             return
-        if timestamp > time.time() or time.time() - timestamp > 100:
-            self.die(r, r.BadRequest, uri="https://ca.example.com/failures/time")
+        if timestamp - time.time() > 5:
+            self.die(r, r.BadRequest, uri="https://ca.example.com/failures/future")
+            return
+        if time.time() - timestamp > 100:
+            self.die(r, r.BadRequest, uri="https://ca.example.com/failures/past")
             return
         if recipient != "ca.example.com":
             self.die(r, r.BadRequest, uri="https://ca.example.com/failures/recipient")