From a88e6a4c5fb3989ed92adab9879225d6ed3db2c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20B=C3=A9raud?= <adrien.beraud@savoirfairelinux.com>
Date: Fri, 2 Dec 2016 12:59:03 -0500
Subject: [PATCH] crypto: make CRL default expiration same as certificate

---
 include/opendht/crypto.h | 4 +++-
 src/crypto.cpp           | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/include/opendht/crypto.h b/include/opendht/crypto.h
index f961c59e..5fb9ae17 100644
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -333,6 +333,7 @@ class OPENDHT_PUBLIC RevocationList
 {
     using clock = std::chrono::system_clock;
     using time_point = clock::time_point;
+    using duration = clock::duration;
 public:
     RevocationList();
     RevocationList(const Blob& b);
@@ -365,8 +366,9 @@ public:
 
     /**
      * Sign this revocation list using provided key and certificate.
+     * Validity_period sets the duration until expiration (default to certificate expiration).
      */
-    void sign(const PrivateKey&, const Certificate&);
+    void sign(const PrivateKey&, const Certificate&, duration validity_period = {});
     void sign(const Identity& id) { sign(*id.first, *id.second); }
 
     bool isSignedBy(const Certificate& issuer) const;
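Review bot: The added doc line on `sign` does not say that a zero `validity_period` is the sentinel selecting the certificate's expiration, so a caller could read `duration{}` as "expire immediately". I would word it as `@param validity_period time from now until the CRL's next update; zero (the default) uses the signing certificate's expiration`. The `sign(const Identity&)` overload on the following line cannot pass a period and always takes that default, which deserves a sentence as well. Because relying parties may treat a CRL as current until its next-update time, the comment could also recommend a short period for lists that are expected to change.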
diff --git a/src/crypto.cpp b/src/crypto.cpp
index c00781bc..784ce0f9 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -976,12 +976,12 @@ T endian(T w, Endian endian = Endian::BIG)
 }
 
 void
-RevocationList::sign(const PrivateKey& key, const Certificate& ca)
+RevocationList::sign(const PrivateKey& key, const Certificate& ca, duration validity)
 {
     if (auto err = gnutls_x509_crl_set_version(crl, 2))
         throw CryptoException(std::string("Can't set CRL version: ") + gnutls_strerror(err));
     auto now = std::chrono::system_clock::now();
-    auto next_update = now + std::chrono::hours(24*7);
+    auto next_update = (validity == duration{}) ? ca.getExpiration() : now + validity;
     if (auto err = gnutls_x509_crl_set_this_update(crl, std::chrono::system_clock::to_time_t(now)))
         throw CryptoException(std::string("Can't set CRL update time: ") + gnutls_strerror(err));
     if (auto err = gnutls_x509_crl_set_next_update(crl, std::chrono::system_clock::to_time_t(next_update)))
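Review bot: `next_update` is never compared with `now`, so a negative `validity` or a CA certificate that has already expired yields a CRL whose next-update time is at or before its this-update time. A guard right after the assignment, `if (next_update <= now) throw CryptoException("CRL expiration must be in the future");`, would reject that before the gnutls calls. Separately, the default moves from seven days to the CA certificate's expiration. If verifiers cache a CRL until its next-update time (not visible in this hunk), revocations added later could go unnoticed for that long, so the default deserves a why-comment or an upper bound. The body of `sign` continues past the end of the hunk.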
-- 
GitLab