Clock lagging causes signature verification to fail

[Priceless-P]

Signature verification fails when clock is lagging and it gives this error:

CodecError(NoiseSv2Error(InvalidCertificate([0, 0, 9, 224, 78, 103, 97, 226, 78, 103, ...., 222, 208, 158, 207, 123, 16])))

This happens here where the current time is checked against the message's valid time range. If the system clock is off by a bit, it fails even for valid messages.

Proposed solution
Introduce a time buffer. For example 10 secs .

if (self.valid_from <= now - 10) && (self.not_valid_after >= now + 10)

Versioning
This fix will only require bumping the patch version number

[jbesraa]

Interesting. In which scenarios the system clock can be off in seconds?

[Priceless-P]

Interesting. In which scenarios the system clock can be off in seconds?

Can occur If the client and server are using different NTP servers for example. I have observed up to 1 sec difference.

[GitGab19]

Closed by #2017