Warn if the signing certificates have a validity period > 10 years (#2174).

author: Carl Hetherington <cth@carlh.net> 2022-02-12 23:11:44 +0100
committer: Carl Hetherington <cth@carlh.net> 2022-02-12 23:15:31 +0100
commit: 3e6b2d886961177c8d89b3f9168393d33c13bff2 (patch)
tree: 34db251b8c936579d91a549a4a40928c413396a4 /src/lib/config.h
parent: 9bda3fda70912d73266a2dbac5470ca23d2ff6fd (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/config.h b/src/lib/config.h
index 19e05608c..6e197d36d 100644
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -402,6 +402,7 @@ public:
 		NAG_DELETE_DKDM,
 		NAG_32_ON_64,
 		NAG_TOO_MANY_DROPPED_FRAMES,
+		NAG_BAD_SIGNER_CHAIN_VALIDITY,
 		NAG_COUNT
 	};
 
@@ -1059,9 +1060,10 @@ public:
 	 *  true to ask Config to solve the problem (by discarding and recreating the bad thing)
 	 */
 	enum BadReason {
-		BAD_SIGNER_UTF8_STRINGS,     ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
-		BAD_SIGNER_INCONSISTENT,     ///< signer chain is somehow inconsistent
-		BAD_DECRYPTION_INCONSISTENT, ///< KDM decryption chain is somehow inconsistent
+		BAD_SIGNER_UTF8_STRINGS,      ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
+		BAD_SIGNER_INCONSISTENT,      ///< signer chain is somehow inconsistent
+		BAD_DECRYPTION_INCONSISTENT,  ///< KDM decryption chain is somehow inconsistent
+		BAD_SIGNER_VALIDITY_TOO_LONG, ///< signer certificate validity periods are >10 years
 	};
 
 	static boost::signals2::signal<bool (BadReason)> Bad;
author	Carl Hetherington <cth@carlh.net>	2022-02-12 23:11:44 +0100
committer	Carl Hetherington <cth@carlh.net>	2022-02-12 23:15:31 +0100
commit	3e6b2d886961177c8d89b3f9168393d33c13bff2 (patch)
tree	34db251b8c936579d91a549a4a40928c413396a4 /src/lib/config.h
parent	9bda3fda70912d73266a2dbac5470ca23d2ff6fd (diff)