scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-03 20:07:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

keygeneration: make the certificates valid for 10 years

Browse Source 
UEFI firmware implementations are unlikely to validate the "days".
However we'd better specify a reasonable value. We learned that
setting the "days" argument to a large number can cause unexpected
results due to overflow.

GCE team has decided to set this value as 10 years.

BUG=b:62189155
TEST=None
BRANCH=none

Change-Id: If0375251b41e9584708355a6fd32192aa5ad0c1a
Reviewed-on: https://chromium-review.googlesource.com/1088165
Commit-Ready: Edward Jee <edjee@google.com>
Tested-by: Edward Jee <edjee@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This commit is contained in:
Edward Hyunkoo Jee
2018-06-05 17:01:08 -07:00
committed by chrome-bot
parent 2cc35b0f31
commit e21e46dfc6
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/keygeneration/uefi/uefi_common.sh
View File

@@ -79,7 +79,7 @@ _make_self_signed_pair() {
pushd "${key_name}" >/dev/null || return 1
openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 \
-keyout "${key_name}.rsa" -out "${key_name}.pem" \
-subj "${subj}" -days 73000
-subj "${subj}" -days 3650
popd >/dev/null
}
@@ -100,10 +100,10 @@ _make_child_pair() {
pushd "${ca_name}/${ca_name}.children" >/dev/null || return 1
openssl req -new -nodes -newkey rsa:2048 -sha256 \
-keyout "${child_key_name}.rsa" -out "${child_key_name}.csr" \
-subj "${subj}" -days 73000
-subj "${subj}"
openssl x509 -req -sha256 -CA "../${ca_name}.pem" -CAkey "../${ca_name}.rsa" \
-CAcreateserial -in "${child_key_name}.csr" \
-out "${child_key_name}.pem" -days 73000
-out "${child_key_name}.pem" -days 3650
popd >/dev/null
}