diff options
author | Maximilian Hils <git@maximilianhils.com> | 2020-04-08 08:04:44 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-08 08:04:44 +0200 |
commit | ab79bb0313d3bf7c5c1a5853baae176e87c59050 (patch) | |
tree | 28039ecdf76368b07f6635aca1e7e17f9c83975a /mitmproxy | |
parent | fbe296aaba774b01348a55a6c9e10097bfd61b60 (diff) | |
download | mitmproxy-ab79bb0313d3bf7c5c1a5853baae176e87c59050.tar.gz mitmproxy-ab79bb0313d3bf7c5c1a5853baae176e87c59050.tar.bz2 mitmproxy-ab79bb0313d3bf7c5c1a5853baae176e87c59050.zip |
reduce leaf certificate lifetime to one year
Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date.
Diffstat (limited to 'mitmproxy')
-rw-r--r-- | mitmproxy/certs.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py index d574c027..a37d29bc 100644 --- a/mitmproxy/certs.py +++ b/mitmproxy/certs.py @@ -15,8 +15,8 @@ import OpenSSL from mitmproxy.coretypes import serializable # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815 -DEFAULT_EXP = 94608000 # = 24 * 60 * 60 * 365 * 3 -DEFAULT_EXP_DUMMY_CERT = 63072000 # = 2 years +DEFAULT_EXP = 94608000 # = 60 * 60 * 24 * 365 * 3 = 3 years +DEFAULT_EXP_DUMMY_CERT = 31536000 # = 60 * 60 * 24 * 365 = 1 year # Generated with "openssl dhparam". It's too slow to generate this on startup. DEFAULT_DHPARAM = b""" |