diff --git a/tool/cmdline.ggo b/tool/cmdline.ggo index 03e61c9..30dc8c6 100644 --- a/tool/cmdline.ggo +++ b/tool/cmdline.ggo @@ -57,6 +57,7 @@ option "subject" S "The subject to use for certificate request" string optional text " The subject must be written as: /CN=host.example.com/OU=test/O=example.com/\n" +option "valid-days" - "Time (in days) until the self-signed certificate expires" int optional default="365" option "pin" P "Pin/puk code for verification" string optional option "new-pin" N "New pin/puk code for changing" string optional dependon="pin" option "pin-policy" - "Set pin policy for action generate or import-key" values="never","once","always" enum optional diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c index ae048e2..2e471ec 100644 --- a/tool/yubico-piv-tool.c +++ b/tool/yubico-piv-tool.c @@ -781,7 +781,7 @@ request_out: static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_format, const char *input_file_name, const char *slot, char *subject, enum enum_hash hash, - const char *output_file_name) { + const int validDays, const char *output_file_name) { FILE *input_file = NULL; FILE *output_file = NULL; bool ret = false; @@ -855,7 +855,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo fprintf(stderr, "Failed to set certificate notBefore.\n"); goto selfsign_out; } - if(!X509_gmtime_adj(X509_get_notAfter(x509), 31536000L)) { + if(!X509_gmtime_adj(X509_get_notAfter(x509), 60L * 60L * 24L * validDays)) { fprintf(stderr, "Failed to set certificate notAfter.\n"); goto selfsign_out; } @@ -1986,7 +1986,7 @@ int main(int argc, char *argv[]) { case action_arg_selfsignMINUS_certificate: if(selfsign_certificate(state, args_info.key_format_arg, args_info.input_arg, args_info.slot_orig, args_info.subject_arg, args_info.hash_arg, - args_info.output_arg) == false) { + args_info.valid_days_arg, args_info.output_arg) == false) { ret = EXIT_FAILURE; } else { fprintf(stderr, "Successfully generated a new self signed certificate.\n");