From af0473957526109a44b0b18b15419d7a2c3b76e1 Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Sun, 10 Nov 2019 23:23:42 +0100
Subject: [PATCH] albatross_ca: default to 1 day for leaf certificates, 1 year for intermediate policy_add certificates
---
 provision/albatross_provision_ca.ml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/provision/albatross_provision_ca.ml b/provision/albatross_provision_ca.ml
index 51bc536..fa28da5 100644
--- a/provision/albatross_provision_ca.ml
+++ b/provision/albatross_provision_ca.ml
@@ -45,10 +45,11 @@ let sign_csr dbname cacert key csr days =
 Ok () else Error (`Msg "unknown version in request")) >>= fun () ->
- let exts = match cmd with
- | `Policy_cmd (`Policy_add _) -> d_exts ()
- | _ -> l_exts
+ let exts, default_days = match cmd with
+ | `Policy_cmd (`Policy_add _) -> d_exts (), 365
+ | _ -> l_exts, 1
 in
+ let days = match days with None -> default_days | Some x -> x in
 Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd); (* the "false" is here since X509 validation bails on exts marked as critical (as required), but has no way to supply which extensions
@@ -121,7 +122,7 @@ let generate_cmd =
 let days = let doc = "Number of days" in
- Arg.(value & opt int 1 & info [ "days" ] ~doc)
+ Arg.(value & opt (some int) None & info [ "days" ] ~doc)
 let cacert = let doc = "cacert" in
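Review bot: In `sign_csr`, the new `let days = match days with None -> default_days | Some x -> x in` accepts an operator-supplied `--days` value unchecked, so zero or a negative number is passed on. There is also no upper bound on the lifetime of a `Policy_add` certificate, which is signed with the extensions from `d_exts ()`. How `days` becomes the validity window lies outside this hunk, so the effect of a non-positive value is not visible here. Rejecting it explicitly before the binding would reuse the error shape of the version check above: ``(match days with Some d when d < 1 -> Error (`Msg "days must be a positive number") | _ -> Ok ()) >>= fun () ->``. A short comment on the wildcard arm, such as `(* every other command is a leaf certificate: keep the lifetime short *)`, would also record that `| _ -> l_exts, 1` is intentional.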
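Review bot: The help text for the `days` argument still reads `"Number of days"`, and with `opt (some int) None` the command line no longer has a single default to display. An operator cannot tell from the CLI that omitting the flag now means 1 day for leaf certificates and 365 days for `policy_add` certificates. I would change the doc string to `let doc = "Validity in days (default: 1 for leaf certificates, 365 for policy_add certificates)" in`. Every command that consumes this term now receives an `int option`; only `sign_csr` is shown resolving it, so the other users of `days` (not visible in this patch) are worth a second look for the lifetime they choose when the flag is absent.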