Extend the CA cert to last for 7000 days #24
Conversation
|
@davewasmer could this be merged & released? |
|
@deasems unfortunately I don't have much time to maintain this library anymore. I'd be happy to bring on some other contributors if anyone else is interested in helping out. However, I'm very wary of (1) merging PRs I don't have time to thoroughly review, and (2) giving out commit access too lightly, since this project involves modifying trusted cert authorities. If you, or anyone else (@zetlen?), is interested in jumping in and helping maintain, let me know and we can figure out the best way to move forward. |
|
Hey @davewasmer, I'd love to maintain. I can propose to my project team that we take this on as an official open source project. We could then get some real infosec review on it. |
|
@zetlen great! Let me know if you and your team decide you'd like to take it on and we can get on a call to figure out the details. |
|
@davewasmer I talked about it with internal resources and I think our best bet is for me to take over as maintainer as a private citizen, (hand over heart) voluntarily and of my own free will. Happy to do a personal call whenever you'd like; my email is on my profile. |
|
@zetlen sounds good, I'll follow up by email |
It appears for some reason that the
default_daysvalue in the config file for the CA is not being respected. This forces from the command line the CA cert to last 7000 days. I believe this resolves the issues seen in #22. I couldn't find any documentation as to why this changed or if it was changed intentionally by OpenSSL or something else.