Extend CA expiry to 1 year

pull/1/head
Timothy Pearson 9 years ago
parent 8b16aef38d
commit f4afc1290d

@ -3804,8 +3804,9 @@ TQDateTime LDAPManager::getCertificateExpiration(TQString certfile) {
int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
TQString command;
command = TQString("openssl req -key %1 -new -x509 -out %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
TQString subject;
subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
command = TQString("openssl req -days %1 -key %2 -new -x509 -out %3 -subj %4").arg(KERBEROS_PKI_PEMKEY_EXPIRY_DAYS).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(subject);
if (system(command) < 0) {
printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
return -1;
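Review bot: The `certinfo` fields are interpolated into a double-quoted shell argument and executed through `system()`, so a `"`, `$` or backtick in any field is interpreted by the shell and a `/` splits the DN; building `subject` separately does not change that. If these values can come from anyone other than a trusted administrator (not visible here), validate each field against a conservative character set before formatting, or launch openssl with an argument vector instead of a shell string. Separately, `system(command) < 0` only catches a failure to start the shell, so a non-zero openssl exit is treated as success; the check should be `if (system(command) != 0) {`. The function body continues past the end of the hunk.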

@ -62,6 +62,9 @@
#define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE "/etc/cron.daily/tde-upd-pri-rlm-certs"
#define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND TDE_BINDIR "/primaryrccertupdater"
// 1 year
#define KERBEROS_PKI_PEMKEY_EXPIRY_DAYS 365
// Values from hdb.asn1
enum LDAPKRB5Flags {
KRB5_INITIAL = 0x00000001,
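Review bot: The name `KERBEROS_PKI_PEMKEY_EXPIRY_DAYS` reads as a key lifetime, but the value is passed to `openssl req -days`, which sets the validity of the generated CA certificate. The `// 1 year` comment would say more as `// Validity of the generated Kerberos PKI CA certificate, in days (openssl req -days)`. Whether anything renews the CA certificate before it lapses is not visible in this commit; if nothing does, certificates issued under it will stop validating after a year.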
