Commit 2737d8c0 authored by Marten Seemann's avatar Marten Seemann

generate certificates that are valid for 180 days

parent 9d8055d4
...@@ -18,6 +18,8 @@ import ( ...@@ -18,6 +18,8 @@ import (
// mint certificate selection is broken. // mint certificate selection is broken.
const hostname = "quic.ipfs" const hostname = "quic.ipfs"
const certValidityPeriod = 180 * 24 * time.Hour
func generateConfig(privKey ic.PrivKey) (*tls.Config, error) { func generateConfig(privKey ic.PrivKey) (*tls.Config, error) {
key, hostCert, err := keyToCertificate(privKey) key, hostCert, err := keyToCertificate(privKey)
if err != nil { if err != nil {
...@@ -35,7 +37,7 @@ func generateConfig(privKey ic.PrivKey) (*tls.Config, error) { ...@@ -35,7 +37,7 @@ func generateConfig(privKey ic.PrivKey) (*tls.Config, error) {
DNSNames: []string{hostname}, DNSNames: []string{hostname},
SerialNumber: big.NewInt(1), SerialNumber: big.NewInt(1),
NotBefore: time.Now().Add(-24 * time.Hour), NotBefore: time.Now().Add(-24 * time.Hour),
NotAfter: time.Now().Add(30 * 24 * time.Hour), NotAfter: time.Now().Add(certValidityPeriod),
} }
certDER, err := x509.CreateCertificate(rand.Reader, certTemplate, hostCert, ephemeralKey.Public(), key) certDER, err := x509.CreateCertificate(rand.Reader, certTemplate, hostCert, ephemeralKey.Public(), key)
if err != nil { if err != nil {
...@@ -80,7 +82,7 @@ func keyToCertificate(sk ic.PrivKey) (interface{}, *x509.Certificate, error) { ...@@ -80,7 +82,7 @@ func keyToCertificate(sk ic.PrivKey) (interface{}, *x509.Certificate, error) {
tmpl := &x509.Certificate{ tmpl := &x509.Certificate{
SerialNumber: sn, SerialNumber: sn,
NotBefore: time.Now().Add(-24 * time.Hour), NotBefore: time.Now().Add(-24 * time.Hour),
NotAfter: time.Now().Add(30 * 24 * time.Hour), NotAfter: time.Now().Add(certValidityPeriod),
IsCA: true, IsCA: true,
BasicConstraintsValid: true, BasicConstraintsValid: true,
} }
......
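Review bot: `certValidityPeriod` is added without a comment, yet it now sets the lifetime of two different certificates: the host-key certificate in keyToCertificate (`IsCA: true`) and the leaf over the ephemeral key in generateConfig. Raising both from 30 to 180 days lengthens the time a leaked ephemeral key stays usable, and no revocation or regeneration path is visible in these hunks, though one may exist elsewhere. I would document that trade-off on the constant, for example `// certValidityPeriod is the lifetime of both the host-key CA certificate and the ephemeral-key leaf; it bounds how long a compromised ephemeral key remains valid.` It is also worth confirming that a long-running node calls generateConfig again before the 180 days run out, since the templates are stamped from `time.Now()` only when they are built. Both functions continue outside the hunks shown.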