Warn if the signing certificates have a validity period > 10 years (#2174).

[dcpomatic.git] / src / tools / dcpomatic.cc

diff --git a/src/tools/dcpomatic.cc b/src/tools/dcpomatic.cc
index a273d008b11948e56aeaba42d784c59bbf08a42e..9990f05ad67953e81bf2e096567fc3419fb80ba1 100644 (file)
--- a/src/tools/dcpomatic.cc
+++ b/src/tools/dcpomatic.cc
@@ -1822,6 +1822,23 @@ private:
                        d->Destroy ();
                        return r == wxID_OK;
                }
+               case Config::BAD_SIGNER_VALIDITY_TOO_LONG:
+               {
+                       if (config->nagged(Config::NAG_BAD_SIGNER_CHAIN_VALIDITY)) {
+                               return false;
+                       }
+                       auto d = new RecreateChainDialog (
+                               _frame, _("Recreate signing certificates"),
+                               _("The certificate chain that DCP-o-matic uses for signing DCPs and KDMs has a validity period\n"
+                                 "that is too long.  This will cause problems playing back DCPs on some systems.\n"
+                                 "Do you want to re-create the certificate chain for signing DCPs and KDMs?"),
+                               _("Do nothing"),
+                               Config::NAG_BAD_SIGNER_CHAIN_VALIDITY
+                               );
+                       int const r = d->ShowModal ();
+                       d->Destroy ();
+                       return r == wxID_OK;
+               }
                case Config::BAD_SIGNER_INCONSISTENT:
                {
                        auto d = new RecreateChainDialog (