mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Reduce default CRL lifetime to 20min
This commit is contained in:
parent
6de010a411
commit
d8f1e36ecf
@ -129,7 +129,8 @@ class SignHandler(asynchat.async_chat):
|
||||
|
||||
builder = x509.CertificateRevocationListBuilder(
|
||||
).last_update(now
|
||||
).next_update(now + timedelta(days=1)
|
||||
).next_update(
|
||||
now + timedelta(seconds=config.REVOCATION_LIST_LIFETIME)
|
||||
).issuer_name(self.server.certificate.issuer
|
||||
).add_extension(
|
||||
x509.AuthorityKeyIdentifier.from_issuer_public_key(
|
||||
|
@ -61,7 +61,7 @@ database = sqlite://{{ directory }}/db.sqlite
|
||||
|
||||
[signature]
|
||||
certificate lifetime = 1825
|
||||
revocation list lifetime = 1
|
||||
revocation list lifetime = 1200
|
||||
certificate url = {{ certificate_url }}
|
||||
revoked url = {{ revoked_url }}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user