Diffstat (limited to 'src')
-rw-r--r-- | src/libtdeldap.cpp | 5 | ||||
-rw-r--r-- | src/libtdeldap.h | 3 |
2 files changed, 6 insertions, 2 deletions
diff --git a/src/libtdeldap.cpp b/src/libtdeldap.cpp
index 11b0150..0e551b4 100644
--- a/src/libtdeldap.cpp
+++ b/src/libtdeldap.cpp
@@ -3804,8 +3804,9 @@ TQDateTime LDAPManager::getCertificateExpiration(TQString certfile) {
 int LDAPManager::generatePublicKerberosCACertificate(LDAPCertConfig certinfo) {
 TQString command;
-
- command = TQString("openssl req -key %1 -new -x509 -out %2 -subj \"/C=%3/ST=%4/L=%5/O=%6/OU=%7/CN=%8/emailAddress=%9\"").arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+ TQString subject;
+ subject = TQString("\"/C=%1/ST=%2/L=%3/O=%4/OU=%5/CN=%6/emailAddress=%7\"").arg(certinfo.countryName).arg(certinfo.stateOrProvinceName).arg(certinfo.localityName).arg(certinfo.organizationName).arg(certinfo.orgUnitName).arg(certinfo.commonName).arg(certinfo.emailAddress);
+ command = TQString("openssl req -days %1 -key %2 -new -x509 -out %3 -subj %4").arg(KERBEROS_PKI_PEMKEY_EXPIRY_DAYS).arg(KERBEROS_PKI_PEMKEY_FILE).arg(KERBEROS_PKI_PEM_FILE).arg(subject);
 if (system(command) < 0) {
 printf("ERROR: Execution of \"%s\" failed!\n", command.ascii());
 return -1;
diff --git a/src/libtdeldap.h b/src/libtdeldap.h
index 814fc0a..a1573c7 100644
--- a/src/libtdeldap.h
+++ b/src/libtdeldap.h
@@ -62,6 +62,9 @@
 #define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_FILE "/etc/cron.daily/tde-upd-pri-rlm-certs"
 #define CRON_UPDATE_PRIMARY_REALM_CERTIFICATES_COMMAND TDE_BINDIR "/primaryrccertupdater"
+// 1 year
+#define KERBEROS_PKI_PEMKEY_EXPIRY_DAYS 365
+
 // Values from hdb.asn1
 enum LDAPKRB5Flags {
 KRB5_INITIAL = 0x00000001, |
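Review bot: The `certinfo` fields on the new `subject = TQString(...)` line are still formatted into a double-quoted shell argument and handed to `system()` with no escaping or validation. A field value containing `"`, `$`, a backtick or `\` is therefore interpreted by the shell instead of ending up in the certificate subject, and a `/` inside a value shifts the DN components. Since this function creates the realm CA certificate, each field should be checked against an allow-list of characters before formatting, returning -1 on a mismatch, or openssl should be launched through an argument-vector call so the whole subject is a single argv entry. Separately, `system(command) < 0` only reports a failure to start the child, so a non-zero exit from openssl is treated as success; `if (system(command) != 0) {` would catch both. The function body continues past the end of the hunk, so any later check of the output file is not visible here.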