From a74110245808014a62f620f63a5c00128411987f Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Thu, 6 Dec 2012 03:20:22 +0000
Subject: [PATCH] etc/config.tcl: Fix the validity duration for certificates.

I misremembered that the durations are measured in hours, not days. But actually 28 hours isn't enough, because hosts refresh their cache of the certificate store at different times of night: we must have the new certificates ready for the early risers, and the old ones must still be valid until time that the late risers are done.
---
 etc/config.tcl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/config.tcl b/etc/config.tcl
index 47e61b6..84a7651 100644
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -16,14 +16,14 @@ set P(tls-client) {
 extensions tls-client-extensions
 issue-time "*-*-* 03:00:00"
 start-skew 1
- expire-interval 2
+ expire-interval 32
 }

 set P(tls-server) {
 extensions tls-server-extensions
 issue-time "*-*-* 03:00:00"
 start-skew 1
- expire-interval 2
+ expire-interval 32
 }

 proc update-hook {} {
--
2.11.0
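Review bot: The new `expire-interval 32` in both `P(tls-client)` and `P(tls-server)` gives no indication of its unit or of how 32 was chosen, and the commit message says the unit was already misremembered once. The reasoning (hours, a daily issue at 03:00, and enough overlap that hosts refreshing their certificate cache late still hold a valid certificate) is recorded only in the commit message. I would put it next to the settings, e.g. `# expire-interval is in hours: daily issue cycle plus overlap for hosts that refresh late`, placed above each `set P(...)` line and not inside the braces, where the body is presumably read as data and a `#` would not be a comment; the first `set` line lies outside this hunk. Absent revocation, this lifetime also bounds how long a certificate for a compromised key stays usable, so the comment should say that 32 is the intended minimum and not a value to raise without review.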