From ab79bb0313d3bf7c5c1a5853baae176e87c59050 Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Wed, 8 Apr 2020 08:04:44 +0200
Subject: reduce leaf certificate lifetime to one year

Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date.
---
 mitmproxy/certs.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'mitmproxy')

diff --git a/mitmproxy/certs.py b/mitmproxy/certs.py
index d574c027..a37d29bc 100644
--- a/mitmproxy/certs.py
+++ b/mitmproxy/certs.py
@@ -15,8 +15,8 @@ import OpenSSL
 from mitmproxy.coretypes import serializable
 
 # Default expiry must not be too long: https://github.com/mitmproxy/mitmproxy/issues/815
-DEFAULT_EXP = 94608000  # = 24 * 60 * 60 * 365 * 3
-DEFAULT_EXP_DUMMY_CERT = 63072000  # = 2 years
+DEFAULT_EXP = 94608000  # = 60 * 60 * 24 * 365 * 3 = 3 years
+DEFAULT_EXP_DUMMY_CERT = 31536000  # = 60 * 60 * 24 * 365 = 1 year
 
 # Generated with "openssl dhparam". It's too slow to generate this on startup.
 DEFAULT_DHPARAM = b"""
-- 
cgit v1.2.3