mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4-backupkey: Cert lifetime of 365 days, not secs
hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in in seconds. The Windows 7 client didn't seem to care that the lifetime was only 6'03''. Two other TODOs in this implementation: * Since notBefore is not set explicietely to "now", the heimdal code default of now-(24 hours) is applied. * Server side validity checks and cert renewal are missing. Signed-off-by: Arvid Requate <requate@univention.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This commit is contained in:
parent
9b2ff26c89
commit
89803009b9
@ -994,7 +994,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
|
||||
char *secret_name;
|
||||
struct bkrp_exported_RSA_key_pair keypair;
|
||||
enum ndr_err_code ndr_err;
|
||||
uint32_t nb_days_validity = 365;
|
||||
uint32_t nb_days_validity = 3600 * 24 * 365;
|
||||
|
||||
DEBUG(6, ("Trying to generate a certificate\n"));
|
||||
hx509_context_init(&hctx);
|
||||
|
Loading…
Reference in New Issue
Block a user