From 9d12425d5ee942ee3d954a9324c31b74f466d520 Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Wed, 4 Nov 2015 11:28:02 +0100
Subject: Set default cert expiry to <39 months

This sould fix mitmproxy/mitmproxy#815
---
 netlib/certutils.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'netlib/certutils.py')

diff --git a/netlib/certutils.py b/netlib/certutils.py
index b3ddcbe4..69530245 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -12,7 +12,8 @@ from pyasn1.codec.der.decoder import decode
 from pyasn1.error import PyAsn1Error
 import OpenSSL
 
-DEFAULT_EXP = 157680000  # = 24 * 60 * 60 * 365 * 5
+# Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
+DEFAULT_EXP = 94608000  # = 24 * 60 * 60 * 365 * 3
 # Generated with "openssl dhparam". It's too slow to generate this on startup.
 DEFAULT_DHPARAM = b"""
 -----BEGIN DH PARAMETERS-----
-- 
cgit v1.2.3