diff options
| author | lloyd <[email protected]> | 2008-04-10 05:05:42 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2008-04-10 05:05:42 +0000 |
| commit | fc01b5a4bb338c892a928c869e31bb58bf4dd319 (patch) | |
| tree | 952062f53a44c9f60a8d3114e865d32cafd2e305 | |
| parent | 23df73a03249341a569a97a39081769b4f8f174b (diff) | |
Add a second argument to X509_Cert_Options, which replaces
the configuration value default_expire
Remove signing_offset as well - it is only used for setting the
default time of a X509_Cert_Options: not worth the cost of a global
variable.
| -rw-r--r-- | include/x509self.h | 3 | ||||
| -rw-r--r-- | src/policy.cpp | 2 | ||||
| -rw-r--r-- | src/x509opt.cpp | 14 |
3 files changed, 7 insertions, 12 deletions
diff --git a/include/x509self.h b/include/x509self.h index 4bd830ea4..4ad7f8f5c 100644 --- a/include/x509self.h +++ b/include/x509self.h @@ -47,7 +47,8 @@ class X509_Cert_Options void add_ex_constraint(const OID&); void add_ex_constraint(const std::string&); - X509_Cert_Options(const std::string& = ""); + X509_Cert_Options(const std::string& = "", + u32bit expire = 365 * 24 * 60 * 60); }; namespace X509 { diff --git a/src/policy.cpp b/src/policy.cpp index 7ef8241d8..ac81f43b0 100644 --- a/src/policy.cpp +++ b/src/policy.cpp @@ -241,8 +241,6 @@ void set_default_config(Config& config) config.set_option("x509/ca/allow_ca", "false"); config.set_option("x509/ca/basic_constraints", "always"); - config.set_option("x509/ca/default_expire", "1y"); - config.set_option("x509/ca/signing_offset", "30s"); config.set_option("x509/ca/rsa_hash", "SHA-1"); config.set_option("x509/ca/str_type", "latin1"); diff --git a/src/x509opt.cpp b/src/x509opt.cpp index edaaa1437..36b82de00 100644 --- a/src/x509opt.cpp +++ b/src/x509opt.cpp @@ -77,21 +77,17 @@ void X509_Cert_Options::sanity_check() const /************************************************* * Initialize the certificate options * *************************************************/ -X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts) +X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts, + u32bit expiration_time_in_seconds) { - const u32bit DEFAULT_EXPIRE = - global_config().option_as_time("x509/ca/default_expire"); - const u32bit OFFSET_FROM_NOW = - global_config().option_as_time("x509/ca/signing_offset"); - is_CA = false; path_limit = 0; constraints = NO_CONSTRAINTS; - const u64bit current_time = system_time(); + const u32bit now = system_time(); - start = X509_Time(current_time - OFFSET_FROM_NOW); - end = X509_Time(current_time - OFFSET_FROM_NOW + DEFAULT_EXPIRE); + start = X509_Time(now); + end = X509_Time(now + expiration_time_in_seconds); if(initial_opts == "") return; |