make the CA cert live longer (#4611)

We need to restrict `CERT_EXPIRY` because modern browsers only accept a ~ <= 1year period for certs, but re-reading all prior commits and issues as well as the CA/Browser Forum Baseline Requirements on the topic, it looks like we don't actually need to restrict our CA lifetime by that much. Let's try out a longer validity and see if anyone complains.
2024-11-22 15:37:45 +00:00 · 2021-05-25 23:39:17 +02:00 · 2021-05-25 23:39:17 +02:00 · 47b792bae1
commit 47b792bae1
parent 292e3b413c
1 changed files with 1 additions and 1 deletions
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@ -17,7 +17,7 @@ import OpenSSL
 from mitmproxy.coretypes import serializable

 # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
-CA_EXPIRY = datetime.timedelta(days=3 * 365)
+CA_EXPIRY = datetime.timedelta(days=10 * 365)
 CERT_EXPIRY = datetime.timedelta(days=365)

 # Generated with "openssl dhparam". It's too slow to generate this on startup.