Reword documentation for {SCT_CTX/CT_POLICY_EVAL_CTX}_set_time

Do not call the time "current", as a different time can be provided.
For example, a time slightly in the future, to provide tolerance for
CT logs with a clock that is running fast.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)

1 files changed, 3 insertions, 3 deletions

diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index d001fc9..bf29fba 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -106,9 +106,9 @@ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
 uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
 
 /*
- * Sets the current time, in milliseconds since the Unix epoch.
- * The timestamps of the SCTs will be compared to this, to check that they were
- * not issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
  * whose timestamp is in the future", so an SCT will not validate in this case.
  */
 void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);