From 0865cffddfb7dd12d136bde715d15a88013c571e Mon Sep 17 00:00:00 2001
From: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
Date: Fri, 27 Oct 2023 12:56:06 -0600
Subject: [PATCH] add 1 day margin on start time (#2481)
---
 backend/src/net/ssl.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/backend/src/net/ssl.rs b/backend/src/net/ssl.rs
index ba2f314b9..1f9397add 100644
--- a/backend/src/net/ssl.rs
+++ b/backend/src/net/ssl.rs
@@ -195,10 +195,10 @@ pub fn make_root_cert(
 let unix_start_time = unix_time(start_time);
- let embargo = Asn1Time::from_unix(unix_start_time)?;
+ let embargo = Asn1Time::from_unix(unix_start_time - 86400)?;
 builder.set_not_before(&embargo)?;
- let expiration = Asn1Time::from_unix(unix_start_time + (10 * 365 * 86400))?;
+ let expiration = Asn1Time::from_unix(unix_start_time + (10 * 364 * 86400))?;
 builder.set_not_after(&expiration)?;
 builder.set_serial_number(&*rand_serial()?)?;
@@ -252,10 +252,10 @@ pub fn make_int_cert(
 let unix_start_time = unix_time(start_time);
- let embargo = Asn1Time::from_unix(unix_start_time)?;
+ let embargo = Asn1Time::from_unix(unix_start_time - 86400)?;
 builder.set_not_before(&embargo)?;
- let expiration = Asn1Time::from_unix(unix_start_time + (10 * 365 * 86400))?;
+ let expiration = Asn1Time::from_unix(unix_start_time + (10 * 364 * 86400))?;
 builder.set_not_after(&expiration)?;
 builder.set_serial_number(&*rand_serial()?)?;
@@ -381,7 +381,7 @@ pub fn make_leaf_cert(
 let embargo = Asn1Time::from_unix(unix_time(SystemTime::now()) - 86400)?;
 builder.set_not_before(&embargo)?;
- // Google Apple and Mozilla reject certificate horizons longer than 397 days
+ // Google Apple and Mozilla reject certificate horizons longer than 398 days
 // https://techbeacon.com/security/google-apple-mozilla-enforce-1-year-max-security-certifications
 let expiration = Asn1Time::days_from_now(397)?;
 builder.set_not_after(&expiration)?;
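Review bot: In make_root_cert the new expiration `unix_start_time + (10 * 364 * 86400)` moves not_after ten days earlier (3640 days after start_time), which is more than is needed to offset the one-day back-date of not_before added two lines above. If the goal is to keep the total validity at ten 365-day years, `Asn1Time::from_unix(unix_start_time + (10 * 365 * 86400) - 86400)?` says that directly. If the shorter lifetime is deliberate, it needs a comment such as `// back-date not_before by one day so clients with a slightly slow clock do not reject the CA as not yet valid`, plus one explaining the 364. The make_int_cert hunk carries the identical pair of lines and the same question. A shared named constant for the 86400-second margin would keep the two functions from drifting, and both function bodies start and end outside their hunks.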
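Review bot: In make_leaf_cert the comment now states a 398-day limit while the unchanged call below still passes 397 to `days_from_now`, and nothing explains that the missing day is the 86400-second back-date of not_before at the top of the hunk. That puts the validity window exactly on the stated maximum with no slack, and a validator that counts both endpoints inclusively may see it as just over the limit, which is worth confirming against the client policies this targets. I would write the reasoning down, e.g. `// not_before is back-dated one day, so 397 days from now gives a 398-day validity window, the stated maximum`, or use `Asn1Time::days_from_now(396)?` to leave a day of margin. The function body starts and ends outside the hunk.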