config.tcl: New profile for devices which can't accept certificate updates.

author Mark Wooding <mdw@distorted.org.uk>

Sun, 5 Apr 2015 14:07:25 +0000 (15:07 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Sun, 5 Apr 2015 14:07:25 +0000 (15:07 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Sun, 5 Apr 2015 14:07:25 +0000 (15:07 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sun, 5 Apr 2015 14:07:25 +0000 (15:07 +0100)
diff --git a/etc/config.tcl b/etc/config.tcl

index 812b1d3..1c0a16c 100644 (file)
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -26,6 +26,13 @@ set P(tls-server) {
    expire-interval 32
  }
  
+set P(tls-server-longterm) {
+  extensions tls-server-extensions
+  issue-time "*-*-* 00:00:00"
+  start-skew 1
+  expire-interval 43838
+}
+
  proc update-hook {} {
    exec 2>@stderr rsync -av --delete-after ca.cert crl cert req publish/
    exec 2>@stderr userv root publish-ca
author	Mark Wooding <mdw@distorted.org.uk>
	Sun, 5 Apr 2015 14:07:25 +0000 (15:07 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Sun, 5 Apr 2015 14:07:25 +0000 (15:07 +0100)