From a9ffe0ea529cba712568f12ea9bf9dba8b85708e Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Thu, 26 Sep 2013 17:29:04 +0000
Subject: Bump CRL interval up by an hour to avoid race condition, since CRL
 regeneration isn't instantaneous.  Closes #601.

svn path=/trunk/; revision=5524
---
 rpkid/rpki/irdb/models.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'rpkid')

diff --git a/rpkid/rpki/irdb/models.py b/rpkid/rpki/irdb/models.py
index 1d3d70de..ce241806 100644
--- a/rpkid/rpki/irdb/models.py
+++ b/rpkid/rpki/irdb/models.py
@@ -43,9 +43,14 @@ ip_version_choices = ((4, "IPv4"), (6, "IPv6"))
 ca_certificate_lifetime = rpki.sundial.timedelta(days = 3652)
 
 ## @var crl_interval
-# Expected interval between BPKI CRL updates
 
-crl_interval = rpki.sundial.timedelta(days = 1)
+# Expected interval between BPKI CRL updates.  This should be a little
+# longer than the real regeneration cycle, so that the old CRL will
+# not go stale while we're generating the new one.  Eg, if we
+# regenerate daily, an interval of 24 hours is too short, but 25 hours
+# would be OK, as would 24 hours and 30 minutes.
+
+crl_interval = rpki.sundial.timedelta(hours = 25)
 
 ## @var ee_certificate_lifetime
 # Lifetime for a BPKI EE certificate.
-- 
cgit v1.2.3