authorCarl Hetherington <cth@carlh.net>2022-02-12 23:11:44 +0100
committerCarl Hetherington <cth@carlh.net>2022-02-12 23:15:31 +0100
commit3e6b2d886961177c8d89b3f9168393d33c13bff2 (patch)
tree34db251b8c936579d91a549a4a40928c413396a4 /src/lib
parent9bda3fda70912d73266a2dbac5470ca23d2ff6fd (diff)
Warn if the signing certificates have a validity period > 10 years (#2174).
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/config.cc4
-rw-r--r--src/lib/config.h8
2 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/config.cc b/src/lib/config.cc
index abf0eb42b..371682966 100644
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -456,6 +456,9 @@ try
if (i.has_utf8_strings()) {
bad = BAD_SIGNER_UTF8_STRINGS;
}
+ if ((i.not_after().year() - i.not_before().year()) > 15) {
+ bad = BAD_SIGNER_VALIDITY_TOO_LONG;
+ }
}
if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) {
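Review bot: The added check compares against 15, while the commit message and the `BAD_SIGNER_VALIDITY_TOO_LONG` doc comment in config.h (last hunk) both say more than 10 years, so one of them is out of step. If 15 is a deliberate margin, say so at the check and update the enum comment, e.g. `///< signer certificate validity periods are too long (>15 calendar years)`; otherwise the comparison should be `> 10`. The test also subtracts calendar years only, so months and days are ignored and the effective limit varies by up to a year depending on the dates. A named constant for the limit would keep the code and documentation in agreement. The enclosing loop and `try` block start outside the hunk.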
@@ -472,6 +475,7 @@ try
switch (*bad) {
case BAD_SIGNER_UTF8_STRINGS:
case BAD_SIGNER_INCONSISTENT:
+ case BAD_SIGNER_VALIDITY_TOO_LONG:
_signer_chain = create_certificate_chain ();
break;
case BAD_DECRYPTION_INCONSISTENT:
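Review bot: Nothing visible in this hunk guarantees that the chain returned by `create_certificate_chain ()` itself passes the new validity check. If its certificates are issued for longer than the limit, this case would presumably fire again on every load and replace the signing key each time. It is worth confirming the validity period that function generates and recording the dependency on the new case, e.g. `// regenerated chain must have a validity period within the limit checked above`. The switch continues outside the hunk.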
diff --git a/src/lib/config.h b/src/lib/config.h
index 19e05608c..6e197d36d 100644
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -402,6 +402,7 @@ public:
NAG_DELETE_DKDM,
NAG_32_ON_64,
NAG_TOO_MANY_DROPPED_FRAMES,
+ NAG_BAD_SIGNER_CHAIN_VALIDITY,
NAG_COUNT
};
@@ -1059,9 +1060,10 @@ public:
* true to ask Config to solve the problem (by discarding and recreating the bad thing)
*/
enum BadReason {
- BAD_SIGNER_UTF8_STRINGS, ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
- BAD_SIGNER_INCONSISTENT, ///< signer chain is somehow inconsistent
- BAD_DECRYPTION_INCONSISTENT, ///< KDM decryption chain is somehow inconsistent
+ BAD_SIGNER_UTF8_STRINGS, ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
+ BAD_SIGNER_INCONSISTENT, ///< signer chain is somehow inconsistent
+ BAD_DECRYPTION_INCONSISTENT, ///< KDM decryption chain is somehow inconsistent
+ BAD_SIGNER_VALIDITY_TOO_LONG, ///< signer certificate validity periods are >10 years
};
static boost::signals2::signal<bool (BadReason)> Bad;