s4-backupkey: Cert lifetime of 365 days, not secs

hx509_ca_tbs_set_notAfter_lifetime expects the lifetime value in in seconds. The Windows 7 client didn't seem to care that the lifetime was only 6'03''. Two other TODOs in this implementation: * Since notBefore is not set explicietely to "now", the heimdal code default of now-(24 hours) is applied. * Server side validity checks and cert renewal are missing. Signed-off-by: Arvid Requate <[email protected]> Reviewed-by: Andrew Bartlett <[email protected]> Reviewed-by: Garming Sam <[email protected]>
dut3062796s · Feb 25, 2015 · 8980300 · 8980300
1 parent 9b2ff26
commit 8980300
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -994,7 +994,7 @@ static WERROR generate_bkrp_cert(TALLOC_CTX *ctx, struct dcesrv_call_state *dce_
 	char *secret_name;
 	struct bkrp_exported_RSA_key_pair keypair;
 	enum ndr_err_code ndr_err;
-	uint32_t nb_days_validity = 365;
+	uint32_t nb_days_validity = 3600 * 24 * 365;
 
 	DEBUG(6, ("Trying to generate a certificate\n"));
 	hx509_context_init(&hctx);