From 13f885c226fa3aae44f4857b39b170fadf11c87d Mon Sep 17 00:00:00 2001
From: Solderpunk
Date: Sun, 17 May 2020 12:18:09 +0200
Subject: [PATCH] Make transient clients expire after 1 day, not 365!
---
 av98.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/av98.py b/av98.py
index 5fbfc9e..47317c8 100755
--- a/av98.py
+++ b/av98.py
@@ -822,7 +822,7 @@ Slow internet connection? Use 'set timeout' to be more patient.""")
 def _generate_transient_cert_cert(self):
 certdir = os.path.join(self.config_dir, "transient_certs")
 name = str(uuid.uuid4())
- self._generate_client_cert(certdir, name, prompt=False)
+ self._generate_client_cert(certdir, name, transient=True)
 self.active_is_transient = True
 self.transient_certs_created.append(name)
@@ -836,13 +836,13 @@ Slow internet connection? Use 'set timeout' to be more patient.""")
 certdir = os.path.join(self.config_dir, "certs")
 self._generate_client_cert(self, certdir, name)
- def _generate_client_cert(self, certdir, basename, prompt=True):
+ def _generate_client_cert(self, certdir, basename, transient=False):
 if not os.path.exists(certdir):
 os.makedirs(certdir)
 certfile = os.path.join(certdir, basename+".crt")
 keyfile = os.path.join(certdir, basename+".key")
- cmd = "openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout {} -out {}".format(keyfile, certfile)
- if not prompt:
+ cmd = "openssl req -x509 -newkey rsa:2048 -days {} -nodes -keyout {} -out {}".format(1 if transient else 365, keyfile, certfile)
+ if transient:
 cmd += " -subj='/CN={}'".format(basename)
 os.system(cmd)
 self._activate_client_cert(certfile, keyfile)
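Review bot: The openssl command in `_generate_client_cert` is still built with `str.format` and run through `os.system`, so `keyfile`, `certfile` and the `-subj` value reach the shell unquoted. A config directory or certificate name containing a space or shell metacharacter changes what is executed, and for non-transient certificates the name appears to be chosen by the caller rather than generated by `uuid4`. Passing an argument list to `subprocess.call` avoids the shell and keeps the `1 if transient else 365` choice in one place; it needs `import subprocess` at the top of the file, which is outside this hunk. Separately, the context line `self._generate_client_cert(self, certdir, name)` passes `self` twice, so under the new signature `name` would bind to `transient`; it should read `self._generate_client_cert(certdir, name)`, and the function containing that call starts above the hunk.

```python
    def _generate_client_cert(self, certdir, basename, transient=False):
        # … unchanged: certdir creation, certfile/keyfile paths …
        cmd = [
            "openssl", "req", "-x509", "-newkey", "rsa:2048",
            "-days", "1" if transient else "365",
            "-nodes", "-keyout", keyfile, "-out", certfile,
        ]
        if transient:
            # No shell is involved, so the subject needs no quoting.
            cmd += ["-subj", "/CN={}".format(basename)]
        subprocess.call(cmd)
        # … unchanged: _activate_client_cert call …
```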