From: James DeFelice <james.defelice@gmail.com>
Date: Mon, 28 Oct 2019 10:53:51 +0000 (+0000)
Subject: Fix expiration of self-signed generated certs to be 3 years (#501)
X-Git-Tag: SQUID_5_0_1~24
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=95bbbcc6eb81b4de915c1e210a0669fd0449dc6a;p=thirdparty%2Fsquid.git

Fix expiration of self-signed generated certs to be 3 years (#501)

Generated self-signed certificates lifetime was incorrectly set to
356*3 days, which is approximately 27 days shorter than 3 years.

The fixed problem does not affect Squids using "sslproxy_cert_adapt
setValidAfter" and Squids using a configured signing CA certificate.
---

diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc
index 2688513cd7..92b20a5a01 100644
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -504,7 +504,7 @@ static bool buildCertificate(Security::CertPointer & cert, Ssl::CertificatePrope
     if (aTime) {
         if (!X509_set1_notAfter(cert.get(), aTime))
             return false;
-    } else if (!X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60*60*24*356*3))
+    } else if (!X509_gmtime_adj(X509_getm_notAfter(cert.get()), 60*60*24*365*3))
         return false;
 
     int addedExtensions = 0;