summary refs log tree commit diff
path: root/bounce.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-01-16 11:23:12 -0500
committerJune McEnroe <june@causal.agency>2020-01-16 11:23:12 -0500
commit96438f54ebf72576aee22a5f61fe6334b78be1da (patch)
treea4e5071baca20eb05b21807b26c9181034b61dec /bounce.c
parentAllow signing by CA in -g (diff)
downloadpounce-96438f54ebf72576aee22a5f61fe6334b78be1da.tar.gz
pounce-96438f54ebf72576aee22a5f61fe6334b78be1da.zip
Set certificate expiry to 10 years
I'm pretty sure any kind of "renewing" of these is going to suck, so
just set it long enough that the world will probably be ash by then.
Diffstat (limited to 'bounce.c')
-rw-r--r--bounce.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/bounce.c b/bounce.c
index 6f98cf2..eef6c12 100644
--- a/bounce.c
+++ b/bounce.c
@@ -59,7 +59,7 @@ static void genKey(const char *path) {
 	snprintf(subj, sizeof(subj), "/CN=%.*s", (int)strcspn(name, "."), name);
 	execlp(
 		LIBRESSL_BIN_PREFIX "openssl", "openssl", "req",
-		"-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "1000",
+		"-x509", "-new", "-newkey", "rsa:4096", "-sha256", "-days", "3650",
 		"-nodes", "-subj", subj, "-keyout", path,
 		NULL
 	);
@@ -98,7 +98,7 @@ static void genCert(const char *path, const char *ca) {
 	redir(STDIN_FILENO, rw[0]);
 	execlp(
 		LIBRESSL_BIN_PREFIX "openssl", "openssl", "x509",
-		"-CA", ca, "-CAcreateserial", "-days", "1000",
+		"-CA", ca, "-CAcreateserial", "-days", "3650",
 		NULL
 	);
 	err(EX_UNAVAILABLE, "openssl");