uhttpd: Decrease the default validity time of certificate

The recommended maximum validity period is currently 397 days
and some browsers throw warning with longer periods.

Reference to
https://cabforum.org/working-groups/server/baseline-requirements/
 6.3.2 Certificate operational periods and key pair usage periods
 Subscriber Certificates issued on or after 1 September 2020
 SHOULD NOT have a Validity Period greater than 397 days and
 MUST NOT have a Validity Period greater than 398 days.

Signed-off-by: Hannu Nyman <[email protected]>
Link: openwrt#15366
Signed-off-by: Robert Marko <[email protected]>

package/network/services/uhttpd/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git

package/network/services/uhttpd/files/uhttpd.config

@@ -123,8 +123,8 @@ config uhttpd main
 # Defaults for automatic certificate and key generation
 config cert defaults
 
-	# Validity time
-	option days		730
+	# Validity time, 397 days is maximum allowed by CA/Browser forum
+	option days		397
 
 	# key type: rsa or ec
 	option key_type		ec

package/network/services/uhttpd/files/uhttpd.init

@@ -56,7 +56,7 @@ generate_keys() {
 	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
 	[ -n "$GENKEY_CMD" ] && {
 		$GENKEY_CMD \
-			-days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
+			-days ${days:-397} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
 			-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${organization:-OpenWrt$UNIQUEID}"/CN="${commonname:-OpenWrt}" \
 			-addext extendedKeyUsage=serverAuth -addext subjectAltName=DNS:"${commonname:-OpenWrt}"
 		sync