ikectl revoke: do not hardcode crl lifetime
CRL lifetime is supposedly configurable via ikeca.cnf. However, the
default "revoke" command in ikectl overrides this to 365 days.
ok?
Index: ikeca.c
===================================================================
RCS file: /home/cvs/src/usr.sbin/ikectl/ikeca.c,v
diff -u -p -r1.51 ikeca.c
--- ikeca.c 23 Jan 2021 22:04:55 -0000 1.51
+++ ikeca.c 25 Nov 2024 16:49:26 -0000
@@ -1034,7 +1034,7 @@ ca_revoke(struct ca *ca, char *keyname)
err(1, "%s: snprintf", __func__);
char *cmd[] = { PATH_OPENSSL, "ca", "-config", ca->sslcnf,
"-keyfile", cakey, "-passin", ca->passfile, "-gencrl",
- "-cert", cacrt, "-crldays", "365", "-out", path, ca->batch, NULL };
+ "-cert", cacrt, "-out", path, ca->batch, NULL };
ca_execv(cmd);
return (0);
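Review bot: With `-crldays` gone from the `cmd[]` array, the CRL's nextUpdate depends entirely on `default_crl_days` or `default_crl_hours` in the file named by `ca->sslcnf`, and nothing in this hunk checks that either is set. As far as I know, `openssl ca -gencrl` refuses to issue a CRL when no lifetime is given on the command line or in the config, so an existing CA with an older or hand-edited ikeca.cnf could stop producing CRLs after a revoke. The function still ends in `return (0);` right after `ca_execv(cmd);`, so whether that failure reaches the operator depends on `ca_execv`, which is not visible here, as is the start of `ca_revoke`. A configured lifetime shorter than the old 365 days also means the CRL goes stale sooner, and peers that enforce nextUpdate will need it regenerated on that schedule. I would add a comment above the array such as `/* CRL lifetime comes from default_crl_days in ca->sslcnf */` and mention the config requirement in the ikectl documentation.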
ikectl revoke: do not hardcode crl lifetime