-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend the CA cert to last for 7000 days #24
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
@davewasmer could this be merged & released? |
@deasems unfortunately I don't have much time to maintain this library anymore. I'd be happy to bring on some other contributors if anyone else is interested in helping out. However, I'm very wary of (1) merging PRs I don't have time to thoroughly review, and (2) giving out commit access too lightly, since this project involves modifying trusted cert authorities. If you, or anyone else (@zetlen?), is interested in jumping in and helping maintain, let me know and we can figure out the best way to move forward. |
Hey @davewasmer, I'd love to maintain. I can propose to my project team that we take this on as an official open source project. We could then get some real infosec review on it. |
@zetlen great! Let me know if you and your team decide you'd like to take it on and we can get on a call to figure out the details. |
@davewasmer I talked about it with internal resources and I think our best bet is for me to take over as maintainer as a private citizen, (hand over heart) voluntarily and of my own free will. Happy to do a personal call whenever you'd like; my email is on my profile. |
@zetlen sounds good, I'll follow up by email |
It appears for some reason that the
default_days
value in the config file for the CA is not being respected. This forces from the command line the CA cert to last 7000 days. I believe this resolves the issues seen in #22. I couldn't find any documentation as to why this changed or if it was changed intentionally by OpenSSL or something else.