Generate certificates with a commencement date an hour in the past.

This helps smooth over small discrepancies in client and server times, where
it's possible for a certificate to seem to be "in the future" to the client.
This commit is contained in:
Aldo Cortesi 2013-01-06 01:16:58 +13:00
parent 72032d7fe7
commit 91834ea78f
1 changed files with 1 additions and 1 deletions

View File

@ -104,7 +104,7 @@ def dummy_cert(fp, ca, commonname, sans):
req.add_extensions([OpenSSL.crypto.X509Extension("subjectAltName", True, ss)])
cert = OpenSSL.crypto.X509()
cert.gmtime_adj_notBefore()
cert.gmtime_adj_notBefore(-3600)
cert.gmtime_adj_notAfter(60 * 60 * 24 * 30)
cert.set_issuer(ca.get_subject())
cert.set_subject(req.get_subject())