diff --git a/include/opendht/crypto.h b/include/opendht/crypto.h
index f961c59e415170850456eed1ef71146f6c7f2014..5fb9ae178b963ec508a452d15191bbc0ae0603c3 100644
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -333,6 +333,7 @@ class OPENDHT_PUBLIC RevocationList
 {
 using clock = std::chrono::system_clock;
 using time_point = clock::time_point;
+ using duration = clock::duration;
 public:
 RevocationList();
 RevocationList(const Blob& b);
@@ -365,8 +366,9 @@ public:
 /**
 * Sign this revocation list using provided key and certificate.
+ * Validity_period sets the duration until expiration (default to certificate expiration).
 */
- void sign(const PrivateKey&, const Certificate&);
+ void sign(const PrivateKey&, const Certificate&, duration validity_period = {});
 void sign(const Identity& id) { sign(*id.first, *id.second); }
 bool isSignedBy(const Certificate& issuer) const;
diff --git a/src/crypto.cpp b/src/crypto.cpp
index c00781bc0ee60ceacdc9c94a4f5a8260da910478..784ce0f93ae866ee1b384560f78f2565c6d1246f 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -976,12 +976,12 @@ T endian(T w, Endian endian = Endian::BIG)
 }
 void
-RevocationList::sign(const PrivateKey& key, const Certificate& ca)
+RevocationList::sign(const PrivateKey& key, const Certificate& ca, duration validity)
 {
 if (auto err = gnutls_x509_crl_set_version(crl, 2))
 throw CryptoException(std::string("Can't set CRL version: ") + gnutls_strerror(err));
 auto now = std::chrono::system_clock::now();
- auto next_update = now + std::chrono::hours(24*7);
+ auto next_update = (validity == duration{}) ? ca.getExpiration() : now + validity;
 if (auto err = gnutls_x509_crl_set_this_update(crl, std::chrono::system_clock::to_time_t(now)))
 throw CryptoException(std::string("Can't set CRL update time: ") + gnutls_strerror(err));
 if (auto err = gnutls_x509_crl_set_next_update(crl, std::chrono::system_clock::to_time_t(next_update)))
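Review bot: The `sign(const Identity& id)` convenience overload on the line after the changed declaration still calls the two-argument form, so callers holding an Identity cannot choose a validity period and always get the certificate-expiration default; `void sign(const Identity& id, duration validity_period = {}) { sign(*id.first, *id.second, validity_period); }` would keep the two in step. The doc line should also say that a zero duration is what selects the default and that the period is counted from signing time, e.g. `* @param validity_period time from signing until nextUpdate; zero (the default) uses the certificate's expiration.` Since the class is marked OPENDHT_PUBLIC, changing the exported signature presumably changes the library ABI, which may warrant a release note.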
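Review bot: A negative `validity` is accepted as-is on the `next_update` line, so `sign()` can emit a CRL whose nextUpdate is already before thisUpdate, and a large value can push nextUpdate past the issuing certificate's own expiry; neither case is checked before `gnutls_x509_crl_set_next_update`. Consider rejecting the first up front with `if (validity < duration{}) throw CryptoException("CRL validity period must not be negative");` and capping `now + validity` at `ca.getExpiration()`. The default also moves from the previous fixed seven days to the certificate's expiration, so a verifier that caches a CRL until nextUpdate may go far longer before picking up new revocations; a short comment on that line saying so, and that callers wanting the old behaviour must pass `std::chrono::hours(24*7)`, would help. The body of `RevocationList::sign` continues past the end of the hunk.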