determine this, an SCT's timestamp and signature must be verified.
This requires:
-=over
+=over 4
=item * the public key of the log that issued the SCT
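Review bot: the `=over` to `=over 4` change at the top of this list is cosmetic, since 4 is the indent level POD uses when none is given, so the rendered list should not change. If it is a consistency cleanup, consider keeping it separate from the timestamp-default wording change later in this patch so that the behavioural documentation change is easier to review.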
CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
should then be populated using:
-=over
+=over 4
=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
The SCT timestamp will be compared to this time to check whether the SCT was
issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
-timestamp is in the future". Typically, the time provided to this function will
-be the current time.
+timestamp is in the future". By default, this will be set to 5 minutes in the
+future (e.g. (time() + 300) * 1000), to allow for clock drift.
The time should be in milliseconds since the Unix epoch.
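Review bot: in the added sentence "By default, this will be set to 5 minutes in the future", the word "this" is ambiguous because the preceding sentences talk about the SCT timestamp and the RFC6962 requirement; name the evaluation time held in the context explicitly. The replacement also removes the only guidance on what a caller should pass ("Typically ... the current time"), so say whether callers who set the time themselves are expected to add their own clock-drift allowance. It is also worth stating the consequence plainly: with the default, an SCT timestamped up to 5 minutes ahead of the local clock passes the future-timestamp check that the quoted RFC text words as a MUST.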