author | Rob Austein <sra@hactrn.net> | 2009-01-21 20:35:39 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-01-21 20:35:39 +0000 |
commit | 59985269c29a7e57ade19a3525171f86dc709fca (patch) | |
tree | 406e0a3b78c09caf6704d048affa76c7a07fe711 /rpkid/rootd.py | |
parent | 20c6ec811341d52fab3c4a2c203af0f83182379c (diff) |
More certificate regeneration issues
svn path=/rpkid/rootd.py; revision=2272
Diffstat (limited to 'rpkid/rootd.py')
-rwxr-xr-x | rpkid/rootd.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/rpkid/rootd.py b/rpkid/rootd.py
index cccf4805..61580956 100755
--- a/rpkid/rootd.py
+++ b/rpkid/rootd.py
@@ -66,11 +66,12 @@ def set_subject_pkcs10(pkcs10):
 f.close()
 def issue_subject_cert_maybe():
+ now = rpki.sundial.now()
 subject_cert = get_subject_cert()
 if subject_cert is not None:
- if not subject_cert.expired():
+ if subject_cert.getNotAfter() > now + rpki_subject_regen:
 return subject_cert
- rpki.log.debug("Subject certificate has expired")
+ rpki.log.debug("Subject certificate has reached expiration threshold, regenerating")
 pkcs10 = get_subject_pkcs10()
 if pkcs10 is None:
 rpki.log.debug("No saved PKCS #10 request")
@@ -80,7 +81,6 @@ def issue_subject_cert_maybe():
 req_key = pkcs10.getPublicKey()
 req_sia = pkcs10.get_SIA()
 crldp = rpki_base_uri + rpki_root_crl
- now = rpki.sundial.now()
 subject_cert = rpki_root_cert.issue(
 keypair = rpki_root_key,
 subject_key = req_key,
@@ -245,6 +245,7 @@ rpki_subject_cert = cfg.get("rpki-subject-cert", "Subroot.cer")
 rpki_subject_pkcs10 = cfg.get("rpki-subject-pkcs10", "Subroot.pkcs10")
 rpki_subject_lifetime = rpki.sundial.timedelta.parse(cfg.get("rpki-subject-lifetime", "30d"))
+rpki_subject_regen = rpki.sundial.timedelta.parse(cfg.get("rpki-subject-regen", rpki_subject_lifetime.convert_to_seconds() / 2))
 rpki.https.server(server_key = rootd_bpki_key,
 server_cert = rootd_bpki_cert, |
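Review bot: The new test in issue_subject_cert_maybe, `subject_cert.getNotAfter() > now + rpki_subject_regen`, carries no comment saying that `rpki_subject_regen` is a minimum of remaining validity rather than an age, and the debug line after it no longer tells an operator whether the certificate had already expired or was only inside the window. I would add `# keep the cert only while more than rpki_subject_regen of validity remains` above the test and put the expiry time into the log call, `rpki.log.debug("Subject certificate notAfter %s is inside regeneration window, regenerating" % subject_cert.getNotAfter())`. The function body continues past the end of this hunk.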
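Review bot: The default for `rpki-subject-regen` reaches `rpki.sundial.timedelta.parse` as a number (`rpki_subject_lifetime.convert_to_seconds() / 2`), while the only other call visible here hands it a string such as `"30d"`; whether parse accepts a bare number is not shown, so the default path should be confirmed or the default built without going through parse. There is also no check that the configured value is shorter than `rpki-subject-lifetime`: if the certificate is issued with that lifetime (the issue call is cut off in the earlier hunk), a regen value equal to or larger than it would make the new test in issue_subject_cert_maybe fail for every freshly issued certificate, and rootd would reissue on every call. A guard right after this line would catch the misconfiguration at startup, for example `if rpki_subject_regen >= rpki_subject_lifetime: raise ValueError("rpki-subject-regen must be shorter than rpki-subject-lifetime")`, assuming the timedelta type supports comparison.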