Ncat certs should last for one year

Old Ncat versions were using one year but during OpenSSL API refresh (r36533), the duration was accidentally changed to one minute by copying Ncat test code from ncat/test/test-wildcard.c Fixes #2167, closes #2168
2026-01-08 07:29:03 +00:00 · 2020-12-24 00:35:38 +00:00
parent cd63da6ba0
commit 9334c9fd5d
2 changed files with 5 additions and 1 deletions
--- a/4
+++ b/4
@@ -31,6 +31,10 @@ o New UDP payloads:

 o [Ncat][GH#2154] Ncat no longer crashes when used with Unix domain sockets.

+o [Ncat][GH#2167][GH#2168] Ncat is now again generating certificates
+  with the duration of one year. Due to a bug, recent versions of Ncat were
+  using only one minute. [Tobias Girstmair]
+
 o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most
  visible are that certificate SANs are properly split apart and that
  identities that are syntactically incorrect to be hostnames are now ignored.
--- a/ncat/ncat_ssl.c
+++ b/ncat/ncat_ssl.c
@@ -530,7 +530,7 @@ static int ssl_gen_cert(X509 **cert, EVP_PKEY **key)
            || X509_gmtime_adj(tb, 0) == 0
            || X509_set1_notBefore(*cert, tb) == 0
            || (ta = ASN1_STRING_dup(X509_get0_notAfter(*cert))) == 0
-            || X509_gmtime_adj(ta, 60) == 0
+            || X509_gmtime_adj(ta, DEFAULT_CERT_DURATION) == 0
            || X509_set1_notAfter(*cert, ta) == 0
            || X509_set_pubkey(*cert, *key) == 0) {
            ASN1_STRING_free(tb);