[PATCH 02/10] s4-backupkey: Cert lifetime of 365 days, not secs
Arvid Requate
requate at univention.de
Mon Jul 7 11:14:36 MDT 2014
hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value
in seconds. The Windows 7 client didn't seem to care that the lifetime
was only 6'03''. Let's fix it anyway.
Note two other TODOs in this implementation not yet covered:
* Since notBefore is not set explicitly to "now", the heimdal code
default of now-(24 hours) is applied.
* Server side validity checks and cert renewal are missing.
Signed-off-by: Arvid Requate <requate at univention.de>
---
source4/rpc_server/backupkey/dcesrv_backupkey.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c
b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 765caeb..50ceeeb 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -994,7 +994,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct
dcesrv_call_state *dce_
char *secret_name;
struct bkrp_exported_RSA_key_pair keypair;
enum ndr_err_code ndr_err;
- uint32_t nb_days_validity = 365;
+ uint32_t nb_days_validity = 3600 * 24 * 365;
DEBUG(6, ("Trying to generate a certificate\n"));
hx509_context_init(&hctx);
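Review bot: on the changed line, nb_days_validity is now assigned 3600 * 24 * 365, so a variable whose name says "days" holds a count of seconds. Rename it (for example to a name ending in _secs), or keep the value at 365 and do the multiplication where the lifetime is handed to hx509_ca_tbs_set_notAfter_lifetime, so the unit is obvious to the next reader. The two TODOs from the commit message (notBefore defaulting to now minus 24 hours, and the missing server-side validity checks and renewal) would also be worth a comment next to this code, since both affect the effective validity window of the certificate.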
--
2.0.0.rc2