From a081ba64306bf7f8e03aa9644facbbc027a2e37c Mon Sep 17 00:00:00 2001
From: "[OSC] Sven Schliesing" <s.schliesing@ndr.de>
Date: Tue, 31 Jul 2018 10:19:43 +0200
Subject: Add DEFAULT_EXP_DUMMY_CERT and set to 90 days

Helps with Chrome's "certificates can not be valid longer than 27,5 month"
Fixes #3273
---
 mitmproxy/certs.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
index 9a864cbc..a5c64a39 100644
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@@ -15,6 +15,7 @@ from mitmproxy.coretypes import serializable
 
 # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
 DEFAULT_EXP = 94608000  # = 24 * 60 * 60 * 365 * 3
+DEFAULT_EXP_DUMMY_CERT = 7776000  # = 90 days
 
 # Generated with "openssl dhparam". It's too slow to generate this on startup.
 DEFAULT_DHPARAM = b"""
@@ -101,7 +102,7 @@ def dummy_cert(privkey, cacert, commonname, sans):
 
     cert = OpenSSL.crypto.X509()
     cert.gmtime_adj_notBefore(-3600 * 48)
-    cert.gmtime_adj_notAfter(DEFAULT_EXP)
+    cert.gmtime_adj_notAfter(DEFAULT_EXP_DUMMY_CERT)
     cert.set_issuer(cacert.get_subject())
     if commonname is not None and len(commonname) < 64:
         cert.get_subject().CN = commonname
-- 
cgit v1.2.3