Warn if the signing certificates have a validity period > 10 years (#2174).
authorCarl Hetherington <cth@carlh.net>
Sat, 12 Feb 2022 22:11:44 +0000 (23:11 +0100)
committerCarl Hetherington <cth@carlh.net>
Sat, 12 Feb 2022 22:15:31 +0000 (23:15 +0100)
src/lib/config.cc
src/lib/config.h
src/tools/dcpomatic.cc

index abf0eb42bcf6a19d3d2ab4088c618f65c2f9cfc6..37168296611746e713d1d6bb99b8089c127d5109 100644 (file)
@@ -456,6 +456,9 @@ try
                if (i.has_utf8_strings()) {
                        bad = BAD_SIGNER_UTF8_STRINGS;
                }
+               if ((i.not_after().year() - i.not_before().year()) > 15) {
+                       bad = BAD_SIGNER_VALIDITY_TOO_LONG;
+               }
        }
 
        if (!_signer_chain->chain_valid() || !_signer_chain->private_key_valid()) {
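Review bot: The threshold in the added check is `> 15`, but the commit title and the `BAD_SIGNER_VALIDITY_TOO_LONG` doc comment in the config.h hunk both say 10 years; one of the two should change, or the line needs a comment explaining the margin, and a named constant would keep code and docs in step. Subtracting `year()` values ignores month and day, so the measured period can be wrong by almost a year in either direction. The new `if` also overwrites a `BAD_SIGNER_UTF8_STRINGS` result set just above it, so a chain with both problems is reported only as too long; guarding it as `if (!bad && (i.not_after().year() - i.not_before().year()) > 15) {` would keep the first finding. The enclosing function starts and ends outside the hunk.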
@@ -472,6 +475,7 @@ try
                        switch (*bad) {
                        case BAD_SIGNER_UTF8_STRINGS:
                        case BAD_SIGNER_INCONSISTENT:
+                       case BAD_SIGNER_VALIDITY_TOO_LONG:
                                _signer_chain = create_certificate_chain ();
                                break;
                        case BAD_DECRYPTION_INCONSISTENT:
index 19e05608c5e7a0116c7b73d62b3ecae6ca03ab67..6e197d36d2aa51d66a361f96d467b609a5065f7b 100644 (file)
@@ -402,6 +402,7 @@ public:
                NAG_DELETE_DKDM,
                NAG_32_ON_64,
                NAG_TOO_MANY_DROPPED_FRAMES,
+               NAG_BAD_SIGNER_CHAIN_VALIDITY,
                NAG_COUNT
        };
 
@@ -1059,9 +1060,10 @@ public:
         *  true to ask Config to solve the problem (by discarding and recreating the bad thing)
         */
        enum BadReason {
-               BAD_SIGNER_UTF8_STRINGS,     ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
-               BAD_SIGNER_INCONSISTENT,     ///< signer chain is somehow inconsistent
-               BAD_DECRYPTION_INCONSISTENT, ///< KDM decryption chain is somehow inconsistent
+               BAD_SIGNER_UTF8_STRINGS,      ///< signer chain contains UTF-8 strings (not PRINTABLESTRING)
+               BAD_SIGNER_INCONSISTENT,      ///< signer chain is somehow inconsistent
+               BAD_DECRYPTION_INCONSISTENT,  ///< KDM decryption chain is somehow inconsistent
+               BAD_SIGNER_VALIDITY_TOO_LONG, ///< signer certificate validity periods are >10 years
        };
 
        static boost::signals2::signal<bool (BadReason)> Bad;
index a273d008b11948e56aeaba42d784c59bbf08a42e..9990f05ad67953e81bf2e096567fc3419fb80ba1 100644 (file)
@@ -1822,6 +1822,23 @@ private:
                        d->Destroy ();
                        return r == wxID_OK;
                }
+               case Config::BAD_SIGNER_VALIDITY_TOO_LONG:
+               {
+                       if (config->nagged(Config::NAG_BAD_SIGNER_CHAIN_VALIDITY)) {
+                               return false;
+                       }
+                       auto d = new RecreateChainDialog (
+                               _frame, _("Recreate signing certificates"),
+                               _("The certificate chain that DCP-o-matic uses for signing DCPs and KDMs has a validity period\n"
+                                 "that is too long.  This will cause problems playing back DCPs on some systems.\n"
+                                 "Do you want to re-create the certificate chain for signing DCPs and KDMs?"),
+                               _("Do nothing"),
+                               Config::NAG_BAD_SIGNER_CHAIN_VALIDITY
+                               );
+                       int const r = d->ShowModal ();
+                       d->Destroy ();
+                       return r == wxID_OK;
+               }
                case Config::BAD_SIGNER_INCONSISTENT:
                {
                        auto d = new RecreateChainDialog (
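Review bot: The early `return false;` when `NAG_BAD_SIGNER_CHAIN_VALIDITY` has already been dismissed leaves the over-long signing chain in use with no further indication. Because config.cc can report a chain that has both UTF-8 strings and an over-long validity under this reason only, a dismissed nag would presumably hide the UTF-8 problem too. The early return deserves a comment such as `// User asked not to be nagged again: keep the existing chain`, plus a log entry if this code has a logging facility available. The dialog set-up and the `ShowModal`/`Destroy`/`return r == wxID_OK` tail appear to repeat the neighbouring cases, so a small helper taking the message and nag id would remove the duplication. The enclosing switch starts and ends outside the hunk.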