miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Warn about certificates that are about to expire

This commit is contained in:
Frank Denis 2018-01-31 00:33:00 +01:00
parent 86adb438e0
commit c3414329b3
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dnscrypt-proxy/dnscrypt_certs.go
View File

@ -83,6 +83,14 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk
ttl := tsEnd - tsBegin
if ttl > 86400*7 {
dlog.Infof("[%v] the key validity period for this server is excessively long (%d days), significantly reducing reliability and forward security.", providerName, ttl/86400)
daysLeft := (tsEnd - now) / 86400
if daysLeft <= 30 {
dlog.Infof("[%v] certificate will expire in %d days", providerName, daysLeft)
} else if daysLeft <= 7 {
dlog.Warnf("[%v] certificate is about to expire -- if you don't manage this server, tell the server operator about it", providerName)
} else if daysLeft < 1 {
dlog.Criticalf("[%v] certificate will expire today -- Switch to a different resolver as soon as possible", providerName)
}
certInfo.ForwardSecurity = false
} else {
certInfo.ForwardSecurity = true