crypto: make CRL default expiration same as certificate

a88e6a4c · Adrien Béraud · c776dad9 · a88e6a4c · a88e6a4c
Commit a88e6a4c authored 8 years ago by Adrien Béraud
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -333,6 +333,7 @@ class OPENDHT_PUBLIC RevocationList
 {
    using clock = std::chrono::system_clock;
    using time_point = clock::time_point;
+    using duration = clock::duration;
 public:
    RevocationList();
    RevocationList(const Blob& b);
@@ -365,8 +366,9 @@ public:
    /**
     * Sign this revocation list using provided key and certificate.
+     * Validity_period sets the duration until expiration (default to certificate expiration).
     */
-    void sign(const PrivateKey&, const Certificate&);
+    void sign(const PrivateKey&, const Certificate&, duration validity_period = {});
    void sign(const Identity& id) { sign(*id.first, *id.second); }
    bool isSignedBy(const Certificate& issuer) const;

--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -976,12 +976,12 @@ T endian(T w, Endian endian = Endian::BIG)
 }
 void
-RevocationList::sign(const PrivateKey& key, const Certificate& ca)
+RevocationList::sign(const PrivateKey& key, const Certificate& ca, duration validity)
 {
    if (auto err = gnutls_x509_crl_set_version(crl, 2))
        throw CryptoException(std::string("Can't set CRL version: ") + gnutls_strerror(err));
    auto now = std::chrono::system_clock::now();
-    auto next_update = now + std::chrono::hours(24*7);
+    auto next_update = (validity == duration{}) ? ca.getExpiration() : now + validity;
    if (auto err = gnutls_x509_crl_set_this_update(crl, std::chrono::system_clock::to_time_t(now)))
        throw CryptoException(std::string("Can't set CRL update time: ") + gnutls_strerror(err));
    if (auto err = gnutls_x509_crl_set_next_update(crl, std::chrono::system_clock::to_time_t(next_update)))