Struct anjay_est_reenroll_config_t

Defined in File core.h

Struct Documentation

struct anjay_est_reenroll_config_t

Public Members

bool enable: Enables usage of the /sren (Simple Re-Enroll) message when EST certificate mode is in use.

double nominal_usage

Nominal period for which a certificate provisioned by the EST server is used, expressed as part of the certificate validity period.

For example, a value of 0.9 (default if re-enroll configuration is not explicitly provided) means that the re-enroll request will be performed when 90% of the time between certificate provisioning time and its expiration time will have passed, i.e. re-enroll of a certificate valid for 10 days will be requested after 9 days, and for a certificate valid for 10 years - after 9 years.

The value is clamped to the [0.0, 1.0] range, and NaN values map to 0.0. If the effective value is 0.0, only max_margin is used to calculate the re-enrollment time.

If neither nominal_usage nor max_margin are specified, then the default values of both (as if re-enroll configuration were not specified) will be used.

NOTE: The term “year” has been used in the example above for familiarity. Calculations are always performed in linear time, without respect to the calendar. Day and week are the largest unambiguous units. “10 years” may mean 3651, 3652 or 3653 days, depending on the number of leap years in between. Therefore, 90% of a validity period that is exactly 10 calendar years may be calculated as 3285d 10h48’, 3286d 9h36’ or 3287d 8h24’, respectively.

avs_time_duration_t max_margin

Limit on the margin between re-enrollment request and the certificate expiration time.

In other words, if this value is specified, it guarantees that re-enroll request will not be sent earlier than max_margin before the certificate expiration time.

For example, if nominal_usage has a value of 0.9 and max_margin has a value of 30 days (defaults if re-enroll configuration is not explicitly provided), re-enroll of a certificate valid for 10 years will be requested after 9 years and 11 months, as opposed to 9 years as mandated by nominal_usage alone.

Any non-positive value (including zero and invalid values) is treated as infinity, i.e. only nominal_usage is used to calculate the re-enrollment time.

If neither nominal_usage nor max_margin are specified, then the default values of both (as if re-enroll configuration were not specified) will be used.

NOTE: The terms “year” and “month” have been used in the example above for familiarity. See the documentation to the nominal_usage field for more details.