From d8f1e36ecfff983c3852a11ed18ad828cd51cba6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Tue, 29 Mar 2016 15:17:44 +0300
Subject: [PATCH] Reduce default CRL lifetime to 20min
---
 certidude/signer.py | 3 ++-
 certidude/templates/certidude.conf | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/certidude/signer.py b/certidude/signer.py
index 8b7c16d..7bfd50d 100644
--- a/certidude/signer.py
+++ b/certidude/signer.py
@@ -129,7 +129,8 @@ class SignHandler(asynchat.async_chat):
 builder = x509.CertificateRevocationListBuilder(
 ).last_update(now
- ).next_update(now + timedelta(days=1)
+ ).next_update(
+ now + timedelta(seconds=config.REVOCATION_LIST_LIFETIME)
 ).issuer_name(self.server.certificate.issuer
 ).add_extension(
 x509.AuthorityKeyIdentifier.from_issuer_public_key(
diff --git a/certidude/templates/certidude.conf b/certidude/templates/certidude.conf
index da1e348..937188c 100644
--- a/certidude/templates/certidude.conf
+++ b/certidude/templates/certidude.conf
@@ -61,7 +61,7 @@ database = sqlite://{{ directory }}/db.sqlite
 [signature]
 certificate lifetime = 1825
-revocation list lifetime = 1
+revocation list lifetime = 1200
 certificate url = {{ certificate_url }}
 revoked url = {{ revoked_url }}
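Review bot: The value passed to `timedelta(seconds=config.REVOCATION_LIST_LIFETIME)` in the new `next_update` call has no unit or range check visible in this hunk. The old call hard-coded one day and the template used to ship `revocation list lifetime = 1`, so a deployment that keeps its existing config file would, if that key feeds this constant, issue CRLs whose nextUpdate is one second after thisUpdate; relying parties would see an expired list almost at once and either fail closed or skip the revocation check. I would reject implausibly small values where the setting is parsed and state the unit at this call site, e.g. `# REVOCATION_LIST_LIFETIME is in seconds; must comfortably exceed the CRL refresh interval`. With a 20-minute window clock skew also matters more, since `last_update(now` leaves no allowance for clients whose clocks run slightly behind. The builder chain starts and continues outside the hunk.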
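Review bot: The new default `revocation list lifetime = 1200` sits directly under `certificate lifetime = 1825`, and nothing in the template says which unit either key uses. 1825 looks like days (five years) while 1200 is seconds per the commit subject, so an operator editing one by analogy with the other can end up with a CRL validity far from what was intended. A comment above each key would settle it, e.g. `# seconds; keep longer than the interval at which clients re-fetch the CRL` for this one, assuming the template's format accepts `#` comments. The `[signature]` section continues outside the hunk.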