reynir/albatross
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

albatross_ca: default to 1 day for leaf certificates, 1 year for intermediate policy_add certificates

Browse source
This commit is contained in:
Hannes Mehnert 2019-11-10 23:23:42 +01:00
parent b1272a75ec
commit af04739575
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
provision/albatross_provision_ca.ml
View file

@ -45,10 +45,11 @@ let sign_csr dbname cacert key csr days =
Ok () Ok ()
else else
Error (`Msg "unknown version in request")) >>= fun () -> Error (`Msg "unknown version in request")) >>= fun () ->
let exts = match cmd with let exts, default_days = match cmd with
| `Policy_cmd (`Policy_add _) -> d_exts () | `Policy_cmd (`Policy_add _) -> d_exts (), 365
| _ -> l_exts | _ -> l_exts, 1
in in
let days = match days with None -> default_days | Some x -> x in
Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd); Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd);
(* the "false" is here since X509 validation bails on exts marked as (* the "false" is here since X509 validation bails on exts marked as
critical (as required), but has no way to supply which extensions critical (as required), but has no way to supply which extensions
@ -121,7 +122,7 @@ let generate_cmd =
let days = let days =
let doc = "Number of days" in let doc = "Number of days" in
Arg.(value & opt int 1 & info [ "days" ] ~doc) Arg.(value & opt (some int) None & info [ "days" ] ~doc)
let cacert = let cacert =
let doc = "cacert" in let doc = "cacert" in