albatross_ca: default to 1 day for leaf certificates, 1 year for intermediate policy_add certificates

2019-11-10 23:23:42 +01:00 · 2019-11-10 23:23:42 +01:00 · af04739575
parent b1272a75ec
commit af04739575
1 changed files with 5 additions and 4 deletions
--- a/provision/albatross_provision_ca.ml
+++ b/provision/albatross_provision_ca.ml
@ -45,10 +45,11 @@ let sign_csr dbname cacert key csr days =
       Ok ()
     else
       Error (`Msg "unknown version in request")) >>= fun () ->
-    let exts = match cmd with
-      | `Policy_cmd (`Policy_add _) -> d_exts ()
-      | _ -> l_exts
+    let exts, default_days = match cmd with
+      | `Policy_cmd (`Policy_add _) -> d_exts (), 365
+      | _ -> l_exts, 1
    in
+    let days = match days with None -> default_days | Some x -> x in
    Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd);
    (* the "false" is here since X509 validation bails on exts marked as
       critical (as required), but has no way to supply which extensions
@ -121,7 +122,7 @@ let generate_cmd =

 let days =
  let doc = "Number of days" in
-  Arg.(value & opt int 1 & info [ "days" ] ~doc)
+  Arg.(value & opt (some int) None & info [ "days" ] ~doc)

 let cacert =
  let doc = "cacert" in