From c9de3e770b8b8567cc3c233e9d0f82fd7a47e634 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Tue, 17 Feb 2015 11:59:07 +1300
Subject: [PATCH 1/3] By popular demand, bump dummy cert expiry to 5 years fixes #52
---
netlib/certutils.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netlib/certutils.py b/netlib/certutils.py
index af6177d8c..948eb85de 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -61,7 +61,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
 cert = OpenSSL.crypto.X509()
 cert.gmtime_adj_notBefore(-3600*48)
- cert.gmtime_adj_notAfter(60 * 60 * 24 * 30)
+ cert.gmtime_adj_notAfter(60 * 60 * 24 * 30 * 365 * 5)
 cert.set_issuer(cacert.get_subject())
 cert.get_subject().CN = commonname
 cert.set_serial_number(int(time.time()*10000))
From 7e5bb74e7211dbe06b33847475854f54c56aa8d5 Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Tue, 17 Feb 2015 12:03:52 +1300
Subject: [PATCH 2/3] 5 years is enough...
---
netlib/certutils.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netlib/certutils.py b/netlib/certutils.py
index 948eb85de..3eb9846d0 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -61,7 +61,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
 cert = OpenSSL.crypto.X509()
 cert.gmtime_adj_notBefore(-3600*48)
- cert.gmtime_adj_notAfter(60 * 60 * 24 * 30 * 365 * 5)
+ cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 5)
 cert.set_issuer(cacert.get_subject())
 cert.get_subject().CN = commonname
 cert.set_serial_number(int(time.time()*10000))
From 2a2402dfffc9f1a51869170793673eaf49207d0f Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Tue, 17 Feb 2015 00:10:10 +0100
Subject: [PATCH 3/3] ...two years is not enough.
---
netlib/certutils.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/netlib/certutils.py b/netlib/certutils.py
index 3eb9846d0..5d8a56b87 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
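Review bot: The new line in PATCH 1/3, `cert.gmtime_adj_notAfter(60 * 60 * 24 * 30 * 365 * 5)`, keeps the old `* 30` factor, so the offset is 4,730,400,000 seconds, roughly 150 years rather than 5. That value no longer fits a signed 32-bit integer, so where the native long behind this call is 32 bits the result may be an error or a wrapped date (inferred; the binding is not shown here). PATCH 2/3 drops the factor, so squashing the two commits would keep every revision in the series at the intended `60 * 60 * 24 * 365 * 5`. dummy_cert starts and ends outside the hunk.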
@@ -6,7 +6,7 @@ from pyasn1.codec.der.decoder import decode
 from pyasn1.error import PyAsn1Error
 import OpenSSL
-DEFAULT_EXP = 62208000 # =24 * 60 * 60 * 720
+DEFAULT_EXP = 157680000 # = 24 * 60 * 60 * 365 * 5
 # Generated with "openssl dhparam". It's too slow to generate this on startup.
 DEFAULT_DHPARAM = """-----BEGIN DH PARAMETERS-----
 MIGHAoGBAOdPzMbYgoYfO3YBYauCLRlE8X1XypTiAjoeCFD0qWRx8YUsZ6Sj20W5
@@ -61,7 +61,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
 cert = OpenSSL.crypto.X509()
 cert.gmtime_adj_notBefore(-3600*48)
- cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 5)
+ cert.gmtime_adj_notAfter(DEFAULT_EXP)
 cert.set_issuer(cacert.get_subject())
 cert.get_subject().CN = commonname
 cert.set_serial_number(int(time.time()*10000))
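Review bot: In PATCH 3/3, `cert.gmtime_adj_notAfter(DEFAULT_EXP)` ties the leaf lifetime to a constant that predates this series, so it presumably also sets another lifetime, likely the CA's, though that use is outside both hunks. If so, any dummy cert issued after the CA was created gets a notAfter later than its issuer's, and the first hunk's change to `DEFAULT_EXP` lengthens both lifetimes at once. A separate name for the leaf value, e.g. `DUMMY_CERT_EXP = 24 * 60 * 60 * 365 * 5`, or clamping to the CA's own notAfter, would keep the two independent and make the intent visible. Apple platforms since iOS 13 and macOS 10.15 also reject TLS server certificates valid for more than 825 days, user-installed roots included, so a five-year leaf can fail there. dummy_cert starts and ends outside the hunk.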