forked from TrueCloudLab/certificates
Use default duration for host certificates identity files.
This commit is contained in:
parent
e29892e9eb
commit
7b81bec8aa
1 changed files with 7 additions and 3 deletions
|
@ -306,10 +306,14 @@ func (h *caHandler) SSHSign(w http.ResponseWriter, r *http.Request) {
|
||||||
// Sign identity certificate if available.
|
// Sign identity certificate if available.
|
||||||
var identityCertificate []Certificate
|
var identityCertificate []Certificate
|
||||||
if cr := body.IdentityCSR.CertificateRequest; cr != nil {
|
if cr := body.IdentityCSR.CertificateRequest; cr != nil {
|
||||||
opts := provisioner.Options{
|
var opts provisioner.Options
|
||||||
|
// Use same duration as ssh certificate for user certificates
|
||||||
|
if body.CertType == provisioner.SSHUserCert {
|
||||||
|
opts = provisioner.Options{
|
||||||
NotBefore: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidAfter), 0)),
|
NotBefore: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidAfter), 0)),
|
||||||
NotAfter: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidBefore), 0)),
|
NotAfter: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidBefore), 0)),
|
||||||
}
|
}
|
||||||
|
}
|
||||||
ctx := authority.NewContextWithSkipTokenReuse(context.Background())
|
ctx := authority.NewContextWithSkipTokenReuse(context.Background())
|
||||||
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
|
ctx = provisioner.NewContextWithMethod(ctx, provisioner.SignMethod)
|
||||||
signOpts, err := h.Authority.Authorize(ctx, body.OTT)
|
signOpts, err := h.Authority.Authorize(ctx, body.OTT)
|
||||||
|
|
Loading…
Reference in a new issue