summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimothy Pearson <kb9vqf@pearsoncomputing.net>2015-08-24 05:45:37 (GMT)
committer Timothy Pearson <kb9vqf@pearsoncomputing.net>2015-08-24 05:45:37 (GMT)
commitf4afc1290d29af023cef891b361cb34e11d229d8 (patch)
treeff9657df76a502d4894b9b70b7e469306a23b77e
parent8b16aef38dc56c728b6330b3fa54a90a797fb3ec (diff)
downloadlibtdeldap-f4afc129.zip
libtdeldap-f4afc129.tar.gz
Extend CA expiry to 1 year
-rw-r--r--src/libtdeldap.cpp5
-rw-r--r--src/libtdeldap.h3
2 files changed, 6 insertions, 2 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 11b0150..0e551b4 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -3804,8 +3804,9 @@ TQDateTime LDAPManager::getCertificateExpiration(TQString certfile) {
int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
TQString command;
-
- command = TQString("openssl req -key %1 -new -x509 -out %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+ TQString subject;
+ subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+ command = TQString("openssl req -days %1 -key %2 -new -x509 -out %3 -subj %4").arg(KERBEROS_PKI_PEMKEY_EXPIRY_DAYS).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(subject);
if (system(command) < 0) {
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
return -1;
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 814fc0a..a1573c7 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -62,6 +62,9 @@
#define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE "/etc/cron.daily/tde-upd-pri-rlm-certs"
#define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND TDE_BINDIR "/primaryrccertupdater"
+// 1 year
+#define KERBEROS_PKI_PEMKEY_EXPIRY_DAYS 365
+
// Values from hdb.asn1
enum LDAPKRB5Flags {
KRB5_INITIAL = 0x00000001,