miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix cert expiration warnings 

Spotted by @CommanderRoot -- thanks!
This commit is contained in:
Frank Denis 2018-01-31 17:11:08 +01:00
parent e91ce9eb3d
commit 22e63774a1
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dnscrypt-proxy/dnscrypt_certs.go
View File

@ -84,12 +84,12 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk
if ttl > 86400*7 { if ttl > 86400*7 {
dlog.Infof("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", providerName, ttl/86400) dlog.Infof("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", providerName, ttl/86400)
daysLeft := (tsEnd - now) / 86400 daysLeft := (tsEnd - now) / 86400
if daysLeft <= 30 { if daysLeft < 1 {
dlog.Infof("[%v] certificate will expire in %d days", providerName, daysLeft) dlog.Criticalf("[%v] certificate will expire today -- Switch to a different resolver as soon as possible", providerName)
} else if daysLeft <= 7 { } else if daysLeft <= 7 {
dlog.Warnf("[%v] certificate is about to expire -- if you don't manage this server, tell the server operator about it", providerName) dlog.Warnf("[%v] certificate is about to expire -- if you don't manage this server, tell the server operator about it", providerName)
} else if daysLeft < 1 { } else if daysLeft <= 30 {
dlog.Criticalf("[%v] certificate will expire today -- Switch to a different resolver as soon as possible", providerName) dlog.Infof("[%v] certificate will expire in %d days", providerName, daysLeft)
} }
certInfo.ForwardSecurity = false certInfo.ForwardSecurity = false
} else { } else {