Drop rootd's manifest and CRL interval down to same interval used for

regenerating the subject certificate, to avoid confusing GUI expiration checker when rcynic has rsync-early disabled. See #579. svn path=/trunk/; revision=5437
author: Rob Austein <sra@hactrn.net> 2013-07-17 20:34:45 +0000
committer: Rob Austein <sra@hactrn.net> 2013-07-17 20:34:45 +0000
commit: c0653913adca6545036bd0590cb94f5d8e9248f2 (patch)
tree: 2cd9bd48d1fc9b9701812e70921bf460b97e188f /rpkid/rpki/rootd.py
parent: 69afe62677ab345591ab74adedb37b92f8944f96 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/rpkid/rpki/rootd.py b/rpkid/rpki/rootd.py
index b7eb989e..09b792ea 100644
--- a/rpkid/rpki/rootd.py
+++ b/rpkid/rpki/rootd.py
@@ -214,7 +214,7 @@ class main(object):
       issuer              = self.rpki_root_cert,
       serial              = self.crl_number,
       thisUpdate          = now,
-      nextUpdate          = now + self.rpki_subject_lifetime,
+      nextUpdate          = now + self.rpki_subject_regen,
       revokedCertificates = self.revoked)
     rpki.log.debug("Writing CRL %s" % os.path.join(self.rpki_root_dir, self.rpki_root_crl))
     f = open(os.path.join(self.rpki_root_dir, self.rpki_root_crl), "wb")
@@ -238,7 +238,7 @@ class main(object):
     manifest = rpki.x509.SignedManifest.build(
       serial         = self.crl_number,
       thisUpdate     = now,
-      nextUpdate     = now + self.rpki_subject_lifetime,
+      nextUpdate     = now + self.rpki_subject_regen,
       names_and_objs = manifest_content,
       keypair        = manifest_keypair,
       certs          = manifest_cert)
author	Rob Austein <sra@hactrn.net>	2013-07-17 20:34:45 +0000
committer	Rob Austein <sra@hactrn.net>	2013-07-17 20:34:45 +0000
commit	c0653913adca6545036bd0590cb94f5d8e9248f2 (patch)
tree	2cd9bd48d1fc9b9701812e70921bf460b97e188f /rpkid/rpki/rootd.py
parent	69afe62677ab345591ab74adedb37b92f8944f96 (diff)