Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate CA Certificates that are valid for a bit further back in time (bug #1352944). #601

Merged
merged 2 commits into from Aug 26, 2014
Merged

Generate CA Certificates that are valid for a bit further back in time (bug #1352944). #601

merged 2 commits into from Aug 26, 2014

Conversation

jameinel
Copy link
Member

See bug #1352944. We were generating certificates that were valid 5 minutes ago, to avoid
problems with the clock on the client being out of sync with the clock on the server, but
it seems 5 minutes isn't quite enough to account for real world clock skew. So bump it
up to 1 week.

@jameinel
Generate CA Certificates that are valid for a bit further back in time.
a4e90f4 
See bug #1352944. We were generating certificates that were valid 5 minutes ago, to avoid
problems with the clock on the client being out of sync with the clock on the server, but
it seems 5 minutes isn't quite enough to account for real world clock skew. So bump it
up to 1 week.
dimitern
dimitern reviewed Aug 25, 2014
View reviewed changes
cert/cert_test.go
c.Assert(caCert.NotAfter.Equal(expiry), gc.Equals, true)
c.Assert(caCert.BasicConstraintsValid, gc.Equals, true)
c.Assert(caCert.IsCA, gc.Equals, true)
c.Check(caKey, gc.FitsTypeOf, (*rsa.PrivateKey)(nil))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see a comment what we're testing here (i.e. making sure the cert is valid for 1 week before "now").

@dimitern
Copy link

LGTM, with a couple of comments where relevant to explain the expiration policy.

@jameinel
add some comments about what we are testing.
ad83ea2 
Also, do the same work for Server and Client certs as well as the CA cert.
@jameinel
Copy link
Member Author

I added the comments, and I realized we want to update the CA Cert, but we also want to update the Server and Client certs, so I did so.

@jameinel
Copy link
Member Author

$$merge$$

@jujubot
Copy link
Collaborator

jujubot commented Aug 25, 2014

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

@jujubot
Copy link
Collaborator

jujubot commented Aug 25, 2014

Build failed: Tests failed
build url: http://juju-ci.vapour.ws:8080/job/github-merge-juju/411

@jameinel
Copy link
Member Author

$$merge$$

@jujubot
Copy link
Collaborator

jujubot commented Aug 25, 2014

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

@jujubot
Copy link
Collaborator

jujubot commented Aug 25, 2014

Build failed: Tests failed
build url: http://juju-ci.vapour.ws:8080/job/github-merge-juju/413

@jameinel
Copy link
Member Author

$$merge$$

@jujubot
Copy link
Collaborator

jujubot commented Aug 26, 2014

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

jujubot added a commit that referenced this pull request Aug 26, 2014
@jujubot
Merge pull request #601 from jameinel/week-old-certs-1352944
07d4a1e 
Generate CA Certificates that are valid for a bit further back in time (bug #1352944).

See bug #1352944. We were generating certificates that were valid 5 minutes ago, to avoid
problems with the clock on the client being out of sync with the clock on the server, but
it seems 5 minutes isn't quite enough to account for real world clock skew. So bump it
up to 1 week.
@jujubot jujubot merged commit 07d4a1e into juju:master Aug 26, 2014
@jameinel jameinel deleted the week-old-certs-1352944 branch December 13, 2016 09:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@jameinel @dimitern @jujubot