CVSROOT: /cvs
Module name: src
Changes by: st...@cvs.openbsd.org 2019/02/26 07:21:30
Modified files:
usr.sbin/ikectl: ikeca.c
Log message:
ikectl's built-in CA command for simple configurations has a fixed certificate
validity for the ca certificate. Raise this from 365 days to 4500 as expiry
means
installing new CA certificates on all client machines which can cause
significant
pain. This doesn't change the default validity for server certificates which
remains at 1 year (controlled by ikeca.cnf) - refreshing key and certificate
on these can be done easily without visiting all machines. ok deraadt@
