| commit | af8489cd4cffea98de1208b75ea41e4e24e3cdb6 | |
| author | Stefan Becker <chemobejk@gmail.com> | |
| Wed, 21 Nov 2012 14:04:10 +0000 (21 16:04 +0200) | ||
| committer | Stefan Becker <chemobejk@gmail.com> | |
| Wed, 21 Nov 2012 15:45:32 +0000 (21 17:45 +0200) | ||
| tree | 2f555f87628f77a7344affdec212309cf35132ae | treesnapshot (tar.gz zip) |
| parent | 992b372ba13bc62310e0a4e6c7cb81a4052f4b46 | commitdiff |
tls-dsk: extract expires value from TLS certificate
[MS-SIPAE] Section 3.2.2 states that the expiration time for the TLS-DSK
SA must be the lesser of the certificate expiration time or 8 hours. Add
the necessary interfaces to sipe-tls and sipe-cert-crypto to extract the
expiration time from the certificate.
Clean up the reauthentication timeout in sip-transport.c. Either the
authentication scheme provides a valid expiration time or not. If it is
valid, i.e. longer than 5 minutes, then use it, otherwise use a default
of 8 hours.
Triggered by analysis for bug #3580212.
[MS-SIPAE] Section 3.2.2 states that the expiration time for the TLS-DSK
SA must be the lesser of the certificate expiration time or 8 hours. Add
the necessary interfaces to sipe-tls and sipe-cert-crypto to extract the
expiration time from the certificate.
Clean up the reauthentication timeout in sip-transport.c. Either the
authentication scheme provides a valid expiration time or not. If it is
valid, i.e. longer than 5 minutes, then use it, otherwise use a default
of 8 hours.
Triggered by analysis for bug #3580212.