Generate certificates with a commencement date an hour in the past.
This helps smooth over small discrepancies in client and server times, where it's possible for a certificate to seem to be "in the future" to the client.
This commit is contained in:
parent
72032d7fe7
commit
91834ea78f
|
@ -104,7 +104,7 @@ def dummy_cert(fp, ca, commonname, sans):
|
|||
req.add_extensions([OpenSSL.crypto.X509Extension("subjectAltName", True, ss)])
|
||||
|
||||
cert = OpenSSL.crypto.X509()
|
||||
cert.gmtime_adj_notBefore()
|
||||
cert.gmtime_adj_notBefore(-3600)
|
||||
cert.gmtime_adj_notAfter(60 * 60 * 24 * 30)
|
||||
cert.set_issuer(ca.get_subject())
|
||||
cert.set_subject(req.get_subject())
|
||||
|
|
Loading…
Reference in New Issue