Go back to 10-year certificate validity periods (#2174).

diff --git a/cscript b/cscript
index 390978de5baef1335ba480bbc9c75a935797f0e4..d2a9cf8a87507ba5e45e5e44962f9032e9a8da6d 100644 (file)
--- a/cscript
+++ b/cscript
@@ -432,8 +432,8 @@ def dependencies(target, options):
         # Use distro-provided FFmpeg on Arch
         deps = []
 
-    deps.append(('libdcp', 'v1.8.6'))
-    deps.append(('libsub', 'v1.6.6'))
+    deps.append(('libdcp', 'v1.8.7'))
+    deps.append(('libsub', 'v1.6.7'))
     deps.append(('leqm-nrt', '93ae9e6'))
     deps.append(('rtaudio', 'f619b76'))
     # We get our OpenSSL libraries from the environment, but we

diff --git a/src/lib/config.cc b/src/lib/config.cc
index 0d70c16fc4d493cdd19e84ae1f9bb3d16c950d71..abf0eb42bcf6a19d3d2ab4088c618f65c2f9cfc6 100644 (file)
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -204,6 +204,7 @@ Config::create_certificate_chain ()
 {
        return make_shared<dcp::CertificateChain> (
                openssl_path(),
+               CERTIFICATE_VALIDITY_PERIOD,
                "dcpomatic.com",
                "dcpomatic.com",
                ".dcpomatic.smpte-430-2.ROOT",

diff --git a/src/lib/util.h b/src/lib/util.h
index 10c5678ffd37f72c4b0e37c0d450f18ad950efa3..cbf4b491b8f31acdf6ebc243eb7696d132128222 100644 (file)
--- a/src/lib/util.h
+++ b/src/lib/util.h
@@ -78,6 +78,7 @@ namespace dcp {
 /** Maximum size of the XML part of a closed caption file, according to SMPTE Bv2.1 */
 #define MAX_CLOSED_CAPTION_XML_SIZE (256 * 1024)
 #define MAX_CLOSED_CAPTION_XML_SIZE_TEXT "256KB"
+#define CERTIFICATE_VALIDITY_PERIOD (10 * 365)
 
 extern std::string program_name;
 extern bool is_batch_converter;

diff --git a/src/wx/config_dialog.cc b/src/wx/config_dialog.cc
index 514a6cde6fad37e0cabf2d978fad418796ebd541..c5879d3bbd3d31da6af802ffa631b484b436218b 100644 (file)
--- a/src/wx/config_dialog.cc
+++ b/src/wx/config_dialog.cc
@@ -583,6 +583,7 @@ CertificateChainEditor::remake_certificates ()
                _set (
                        make_shared<dcp::CertificateChain> (
                                openssl_path (),
+                               CERTIFICATE_VALIDITY_PERIOD,
                                d->organisation (),
                                d->organisational_unit (),
                                d->root_common_name (),

diff --git a/test/import_dcp_test.cc b/test/import_dcp_test.cc
index 46deea53931480b2bb35965f548245036d7e9bc8..cfac511b32e9e78f285eab944e58f8436b781a5c 100644 (file)
--- a/test/import_dcp_test.cc
+++ b/test/import_dcp_test.cc
@@ -72,9 +72,8 @@ BOOST_AUTO_TEST_CASE (import_dcp_test)
        dcp::DCP A_dcp ("build/test/import_dcp_test/" + A->dcp_name());
        A_dcp.read ();
 
-       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path()));
+       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path(), CERTIFICATE_VALIDITY_PERIOD));
 
-       /* Dear future-carl: I suck!  I thought you wouldn't still be running these tests in 2030!  Sorry! */
        auto kdm = A->make_kdm (
                Config::instance()->decryption_chain()->leaf (),
                vector<string>(),

diff --git a/test/vf_kdm_test.cc b/test/vf_kdm_test.cc
index 5248ee798d7bb328001650fcf0811f85048f8510..ff7c07b73ca86fdbf018589c28eb1e7dc9ee3608 100644 (file)
--- a/test/vf_kdm_test.cc
+++ b/test/vf_kdm_test.cc
@@ -66,7 +66,7 @@ BOOST_AUTO_TEST_CASE (vf_kdm_test)
        dcp::DCP A_dcp ("build/test/vf_kdm_test_ov/" + A->dcp_name());
        A_dcp.read ();
 
-       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path()));
+       Config::instance()->set_decryption_chain (make_shared<dcp::CertificateChain>(openssl_path(), CERTIFICATE_VALIDITY_PERIOD));
 
        auto A_kdm = A->make_kdm (
                Config::instance()->decryption_chain()->leaf(),