diff options
| author | June McEnroe <june@causal.agency> | 2020-01-16 11:23:12 -0500 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2020-01-16 11:23:12 -0500 |
| commit | 96438f54ebf72576aee22a5f61fe6334b78be1da (patch) | |
| tree | a4e5071baca20eb05b21807b26c9181034b61dec | |
| parent | Allow signing by CA in -g (diff) | |
| download | pounce-96438f54ebf72576aee22a5f61fe6334b78be1da.tar.gz pounce-96438f54ebf72576aee22a5f61fe6334b78be1da.zip | |
Set certificate expiry to 10 years
I'm pretty sure any kind of "renewing" of these is going to suck, so just set it long enough that the world will probably be ash by then.
| -rw-r--r-- | bounce.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/bounce.c b/bounce.c index 6f98cf2..eef6c12 100644 --- a/bounce.c +++ b/bounce.c @@ -59,7 +59,7 @@ static void genKey(const char *path) { snprintf(subj, sizeof(subj), "/CN=%.*s", (int)strcspn(name, "."), name); execlp( LIBRESSL_BIN_PREFIX "openssl", "openssl", "req", - "-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "1000", + "-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "3650", "-nodes", "-subj", subj, "-keyout", path, NULL ); @@ -98,7 +98,7 @@ static void genCert(const char *path, const char *ca) { redir(STDIN_FILENO, rw[0]); execlp( LIBRESSL_BIN_PREFIX "openssl", "openssl", "x509", - "-CA", ca, "-CAcreateserial", "-days", "1000", + "-CA", ca, "-CAcreateserial", "-days", "3650", NULL ); err(EX_UNAVAILABLE, "openssl"); |