Set default cert expiry to <39 months

This sould fix mitmproxy/mitmproxy#815
author: Maximilian Hils <git@maximilianhils.com> 2015-11-04 11:28:02 +0100
committer: Maximilian Hils <git@maximilianhils.com> 2015-11-04 11:28:02 +0100
commit: 9d12425d5ee942ee3d954a9324c31b74f466d520 (patch)
tree: 87b2ab04cf533f1eb0e39727c809d13fdcbb667d /netlib
parent: 9d36f8e43fc7a3b3c4bf10a8c1b9819da8999dad (diff)
download: mitmproxy-9d12425d5ee942ee3d954a9324c31b74f466d520.tar.gz
mitmproxy-9d12425d5ee942ee3d954a9324c31b74f466d520.tar.bz2
mitmproxy-9d12425d5ee942ee3d954a9324c31b74f466d520.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/netlib/certutils.py b/netlib/certutils.py
index b3ddcbe4..69530245 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -12,7 +12,8 @@ from pyasn1.codec.der.decoder import decode
 from pyasn1.error import PyAsn1Error
 import OpenSSL
 
-DEFAULT_EXP = 157680000  # = 24 * 60 * 60 * 365 * 5
+# Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
+DEFAULT_EXP = 94608000  # = 24 * 60 * 60 * 365 * 3
 # Generated with "openssl dhparam". It's too slow to generate this on startup.
 DEFAULT_DHPARAM = b"""
 -----BEGIN DH PARAMETERS-----
author	Maximilian Hils <git@maximilianhils.com>	2015-11-04 11:28:02 +0100
committer	Maximilian Hils <git@maximilianhils.com>	2015-11-04 11:28:02 +0100
commit	9d12425d5ee942ee3d954a9324c31b74f466d520 (patch)
tree	87b2ab04cf533f1eb0e39727c809d13fdcbb667d /netlib
parent	9d36f8e43fc7a3b3c4bf10a8c1b9819da8999dad (diff)
download	mitmproxy-9d12425d5ee942ee3d954a9324c31b74f466d520.tar.gz mitmproxy-9d12425d5ee942ee3d954a9324c31b74f466d520.tar.bz2 mitmproxy-9d12425d5ee942ee3d954a9324c31b74f466d520.zip