Go back to 10-year certificate validity periods (#2174).

diff --git a/cscript b/cscript
index fd30ff30a1cb788235ccd8953c7995d9d07330c7..ec52abdd7f13b2990079bebfaf70d3cdb5f51f8a 100644 (file)
--- a/cscript
+++ b/cscript
@@ -432,8 +432,8 @@ def dependencies(target, options):
         # Use distro-provided FFmpeg on Arch
         deps = []
 
-    deps.append(('libdcp', '24e7ed8'))
-    deps.append(('libsub', 'bc00091'))
+    deps.append(('libdcp', 'e579b4c'))
+    deps.append(('libsub', 'f24a2c1'))
     deps.append(('leqm-nrt', '93ae9e6'))
     deps.append(('rtaudio', 'f619b76'))
     # We get our OpenSSL libraries from the environment, but we

diff --git a/src/lib/config.cc b/src/lib/config.cc
index 463778887af03b05280177ff3e819c5c56f13bf4..cd0fce6a4a49f4f3c1040c6254abb098f51f41f3 100644 (file)
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -212,6 +212,7 @@ Config::create_certificate_chain ()
 {
        return make_shared<dcp::CertificateChain> (
                openssl_path(),
+               CERTIFICATE_VALIDITY_PERIOD,
                "dcpomatic.com",
                "dcpomatic.com",
                ".dcpomatic.smpte-430-2.ROOT",

diff --git a/src/lib/util.h b/src/lib/util.h
index dbcb9b81e4be48d168e21b025955a34d2ec56136..f28e003c3fb84a7c69bec111c14e4c94e652412e 100644 (file)
--- a/src/lib/util.h
+++ b/src/lib/util.h
@@ -74,6 +74,7 @@ namespace dcp {
 /** Maximum size of the XML part of a closed caption file, according to SMPTE Bv2.1 */
 #define MAX_CLOSED_CAPTION_XML_SIZE (256 * 1024)
 #define MAX_CLOSED_CAPTION_XML_SIZE_TEXT "256KB"
+#define CERTIFICATE_VALIDITY_PERIOD (10 * 365)
 
 extern std::string program_name;
 extern bool is_batch_converter;

diff --git a/src/wx/config_dialog.cc b/src/wx/config_dialog.cc
index 514a6cde6fad37e0cabf2d978fad418796ebd541..c5879d3bbd3d31da6af802ffa631b484b436218b 100644 (file)
--- a/src/wx/config_dialog.cc
+++ b/src/wx/config_dialog.cc
@@ -583,6 +583,7 @@ CertificateChainEditor::remake_certificates ()
                _set (
                        make_shared<dcp::CertificateChain> (
                                openssl_path (),
+                               CERTIFICATE_VALIDITY_PERIOD,
                                d->organisation (),
                                d->organisational_unit (),
                                d->root_common_name (),

diff --git a/test/import_dcp_test.cc b/test/import_dcp_test.cc
index 46deea53931480b2bb35965f548245036d7e9bc8..cfac511b32e9e78f285eab944e58f8436b781a5c 100644 (file)
--- a/test/import_dcp_test.cc
+++ b/test/import_dcp_test.cc
@@ -72,9 +72,8 @@ BOOST_AUTO_TEST_CASE (import_dcp_test)
        dcp::DCP A_dcp ("build/test/import_dcp_test/" + A->dcp_name());
        A_dcp.read ();
 
-       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path()));
+       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path(), CERTIFICATE_VALIDITY_PERIOD));
 
-       /* Dear future-carl: I suck!  I thought you wouldn't still be running these tests in 2030!  Sorry! */
        auto kdm = A->make_kdm (
                Config::instance()->decryption_chain()->leaf (),
                vector<string>(),

diff --git a/test/vf_kdm_test.cc b/test/vf_kdm_test.cc
index 5248ee798d7bb328001650fcf0811f85048f8510..ff7c07b73ca86fdbf018589c28eb1e7dc9ee3608 100644 (file)
--- a/test/vf_kdm_test.cc
+++ b/test/vf_kdm_test.cc
@@ -66,7 +66,7 @@ BOOST_AUTO_TEST_CASE (vf_kdm_test)
        dcp::DCP A_dcp ("build/test/vf_kdm_test_ov/" + A->dcp_name());
        A_dcp.read ();
 
-       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path()));
+       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path(), CERTIFICATE_VALIDITY_PERIOD));
 
        auto A_kdm = A->make_kdm (
                Config::instance()->decryption_chain()->leaf(),