Start9/start-os
2
0
Fork 0
mirror of https://github.com/Start9Labs/start-os.git synced 2026-03-30 12:11:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

use yesterday for not_before on ssl certs (#2204)

Browse Source
This commit is contained in:
Aiden McClelland
2023-03-13 11:43:10 -06:00
committed by GitHub
parent 878b235614
commit 2f6ebd16c1
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/src/net/ssl.rs
View File

@@ -2,6 +2,7 @@ use std::cmp::Ordering;
use std::collections::{BTreeMap, BTreeSet}; use std::collections::{BTreeMap, BTreeSet};
use std::net::IpAddr; use std::net::IpAddr;
use std::path::Path; use std::path::Path;
use std::time::{SystemTime, UNIX_EPOCH};
use futures::FutureExt; use futures::FutureExt;
use openssl::asn1::{Asn1Integer, Asn1Time}; use openssl::asn1::{Asn1Integer, Asn1Time};
@@ -341,7 +342,14 @@ pub fn make_leaf_cert(
let mut builder = X509Builder::new()?; let mut builder = X509Builder::new()?;
builder.set_version(CERTIFICATE_VERSION)?; builder.set_version(CERTIFICATE_VERSION)?;
let embargo = Asn1Time::days_from_now(0)?; let embargo = Asn1Time::from_unix(
SystemTime::now()
.duration_since(UNIX_EPOCH)
.map(|d| d.as_secs() as i64)
.or_else(|_| UNIX_EPOCH.elapsed().map(|d| -(d.as_secs() as i64)))
.unwrap_or_default()
- 86400,
)?;
builder.set_not_before(&embargo)?; builder.set_not_before(&embargo)?;
// Google Apple and Mozilla reject certificate horizons longer than 397 days // Google Apple and Mozilla reject certificate horizons longer than 397 days