summary refs log tree commit diff
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-01-16 11:23:12 -0500
committerJune McEnroe <june@causal.agency>2020-01-16 11:23:12 -0500
commit96438f54ebf72576aee22a5f61fe6334b78be1da (patch)
treea4e5071baca20eb05b21807b26c9181034b61dec
parentAllow signing by CA in -g (diff)
downloadpounce-96438f54ebf72576aee22a5f61fe6334b78be1da.tar.gz
pounce-96438f54ebf72576aee22a5f61fe6334b78be1da.zip
Set certificate expiry to 10 years
I'm pretty sure any kind of "renewing" of these is going to suck, so
just set it long enough that the world will probably be ash by then.
-rw-r--r--bounce.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/bounce.c b/bounce.c
index 6f98cf2..eef6c12 100644
--- a/bounce.c
+++ b/bounce.c
@@ -59,7 +59,7 @@ static void genKey(const char *path) {
 	snprintf(subj, sizeof(subj), "/CN=%.*s", (int)strcspn(name, "."), name);
 	execlp(
 		LIBRESSL_BIN_PREFIX "openssl", "openssl", "req",
-		"-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "1000",
+		"-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "3650",
 		"-nodes", "-subj", subj, "-keyout", path,
 		NULL
 	);
@@ -98,7 +98,7 @@ static void genCert(const char *path, const char *ca) {
 	redir(STDIN_FILENO, rw[0]);
 	execlp(
 		LIBRESSL_BIN_PREFIX "openssl", "openssl", "x509",
-		"-CA", ca, "-CAcreateserial", "-days", "1000",
+		"-CA", ca, "-CAcreateserial", "-days", "3650",
 		NULL
 	);
 	err(EX_UNAVAILABLE, "openssl");
it/tests/t0107-snapshot.sh?id=410da3ac1cdb002116c08f143ce82534897ede27&follow=1'>t0107: Use `tar -z` for gzip'ed archivesLukas Fleischer