mischief/openbsd-src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2024-12-21 23:18:00 -08:00
Code

Do not hardcode the CRL lifetime for "ikectl revoke" to 365 days. This value

Browse Source 
is supposed to be configurable via ikeca.cnf.

ok tobhe@, "probably ok" sthen@
This commit is contained in:
pascal 2024-12-12 17:29:33 +00:00
parent 823dae7d71
commit 7c9b6f9dcf
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
usr.sbin/ikectl/ikeca.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ikeca.c,v 1.51 2021/01/23 22:04:55 tobhe Exp $ */
/* $OpenBSD: ikeca.c,v 1.52 2024/12/12 17:29:33 pascal Exp $ */
/*
* Copyright (c) 2010 Jonathan Gray <jsg@openbsd.org>
@ -1034,7 +1034,7 @@ ca_revoke(struct ca *ca, char *keyname)
err(1, "%s: snprintf", __func__);
char *cmd[] = { PATH_OPENSSL, "ca", "-config", ca->sslcnf,
"-keyfile", cakey, "-passin", ca->passfile, "-gencrl",
"-cert", cacrt, "-crldays", "365", "-out", path, ca->batch, NULL };
"-cert", cacrt, "-out", path, ca->batch, NULL };
ca_execv(cmd);
return (0);