From c6fcdcc3b0fdbabc4269269de5136ccf79a0d7fc Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Sun, 5 Apr 2015 15:07:25 +0100
Subject: [PATCH] config.tcl: New profile for devices which can't accept
 certificate updates.

---
 etc/config.tcl | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/etc/config.tcl b/etc/config.tcl
index 812b1d3..1c0a16c 100644
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -26,6 +26,13 @@ set P(tls-server) {
   expire-interval 32
 }
 
+set P(tls-server-longterm) {
+  extensions tls-server-extensions
+  issue-time "*-*-* 00:00:00"
+  start-skew 1
+  expire-interval 43838
+}
+
 proc update-hook {} {
   exec 2>@stderr rsync -av --delete-after ca.cert crl cert req publish/
   exec 2>@stderr userv root publish-ca
-- 
2.11.0