Context is the chicken and egg problem of using TLS before a system knows the time. I work on NTP software. NTP uses NTS (Network Time Security) which uses TLS to make sure it is talking to the right servers. I'm trying to figure out how to get started on a system that doesn't know the time yet. (Many low cost systems like the Raspberry Pi don't have a battery backed clock.) I think I want to try something like: Do everything except check the time on certificates Get the time, assuming those certificates are valid. Now check to see if those certificates were valid. The command line tools have -no_check_time Is there something similar in the API? I've looked, but maybe not in the right place. If not, any suggestions for good code to copy? -- These are my opinions. I hate spam.
