Bump CRL interval up by an hour to avoid race condition, since CRL

regeneration isn't instantaneous. Closes #601. svn path=/trunk/; revision=5524
author: Rob Austein <sra@hactrn.net> 2013-09-26 17:29:04 +0000
committer: Rob Austein <sra@hactrn.net> 2013-09-26 17:29:04 +0000
commit: a9ffe0ea529cba712568f12ea9bf9dba8b85708e (patch)
tree: b87d41ee593887f8a31a38ef1e102494cc9c4941 /rpkid
parent: d5de8427467fcd65728eebc2a7db57509a2adbca (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/rpkid/rpki/irdb/models.py b/rpkid/rpki/irdb/models.py
index 1d3d70de..ce241806 100644
--- a/rpkid/rpki/irdb/models.py
+++ b/rpkid/rpki/irdb/models.py
@@ -43,9 +43,14 @@ ip_version_choices = ((4, "IPv4"), (6, "IPv6"))
 ca_certificate_lifetime = rpki.sundial.timedelta(days = 3652)
 
 ## @var crl_interval
-# Expected interval between BPKI CRL updates
 
-crl_interval = rpki.sundial.timedelta(days = 1)
+# Expected interval between BPKI CRL updates.  This should be a little
+# longer than the real regeneration cycle, so that the old CRL will
+# not go stale while we're generating the new one.  Eg, if we
+# regenerate daily, an interval of 24 hours is too short, but 25 hours
+# would be OK, as would 24 hours and 30 minutes.
+
+crl_interval = rpki.sundial.timedelta(hours = 25)
 
 ## @var ee_certificate_lifetime
 # Lifetime for a BPKI EE certificate.
author	Rob Austein <sra@hactrn.net>	2013-09-26 17:29:04 +0000
committer	Rob Austein <sra@hactrn.net>	2013-09-26 17:29:04 +0000
commit	a9ffe0ea529cba712568f12ea9bf9dba8b85708e (patch)
tree	b87d41ee593887f8a31a38ef1e102494cc9c4941 /rpkid
parent	d5de8427467fcd65728eebc2a7db57509a2adbca (diff)