Reduce default CRL lifetime to 20min

2025-10-30 17:09:19 +00:00 · 2016-03-29 15:17:44 +03:00
parent 6de010a411
commit d8f1e36ecf
2 changed files with 3 additions and 2 deletions
--- a/certidude/signer.py
+++ b/certidude/signer.py
@@ -129,7 +129,8 @@ class SignHandler(asynchat.async_chat):

            builder = x509.CertificateRevocationListBuilder(
                ).last_update(now
-                ).next_update(now + timedelta(days=1)
+                ).next_update(
+                    now + timedelta(seconds=config.REVOCATION_LIST_LIFETIME)
                ).issuer_name(self.server.certificate.issuer
                ).add_extension(
                    x509.AuthorityKeyIdentifier.from_issuer_public_key(
--- a/certidude/templates/certidude.conf
+++ b/certidude/templates/certidude.conf
@@ -61,7 +61,7 @@ database = sqlite://{{ directory }}/db.sqlite

 [signature]
 certificate lifetime = 1825
-revocation list lifetime = 1
+revocation list lifetime = 1200
 certificate url = {{ certificate_url }}
 revoked url = {{ revoked_url }}