If we're built with std, always use real time to validate DNSSEC

In cases where we're built with the `std` feature, we can assume
that `SystemTime` works, so we should use it to validate that
DNSSEC proofs we receive are currently valid, even if we don't have
block time data.

Author: TheBlueMatt

lightning/src/onion_message/dns_resolution.rs

@@ -478,16 +478,23 @@ impl OMNameResolver {
 			let validated_rrs =
 				parsed_rrs.as_ref().and_then(|rrs| verify_rr_stream(rrs).map_err(|_| &()));
 			if let Ok(validated_rrs) = validated_rrs {
-				let block_time = self.latest_block_time.load(Ordering::Acquire) as u64;
-				if block_time != 0 {
+				let mut time = self.latest_block_time.load(Ordering::Acquire) as u64;
+				#[cfg(feature = "std")]
+				{
+					use std::time::{SystemTime, UNIX_EPOCH};
+					let now = SystemTime::now().duration_since(UNIX_EPOCH);
+					time = now.expect("Time must be > 1970").as_secs();
+				}
+				if time != 0 {
 					// Block times may be up to two hours in the future and some time into the past
 					// (we assume no more than two hours, though the actual limits are rather
 					// complicated).
 					// Thus, we have to let the proof times be rather fuzzy.
-					if validated_rrs.valid_from > block_time + 60 * 2 {
+					let max_time_offset = if cfg!(feature = "std") { 0 } else { 60 * 2 };
+					if validated_rrs.valid_from > time + max_time_offset {
 						return None;
 					}
-					if validated_rrs.expires < block_time - 60 * 2 {
+					if validated_rrs.expires < time - max_time_offset {
 						return None;
 					}
 				}