From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] OpenVPN: Valid til days is required with OpenVPN-2.4.x Date: Mon, 18 Jun 2018 15:08:22 +0100 Message-ID: <221a76d457c03149535f5eaff0270689a8388af3.camel@ipfire.org> In-Reply-To: <1529330734.8691.2.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7426043561741910782==" List-Id: --===============7426043561741910782== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Yes, can do. Please see "next". In the future, you can create an own OpenVPN branch where all those proposed patches are collected to be able to work a little bit independent from me and also to collect patches and submit them in one go. Best, -Michael On Mon, 2018-06-18 at 16:05 +0200, ummeegge wrote: > Hi Michael, > yes i think 730 days are a good default. Patch is already made. > Can you merge the already delivered one so i can pull the actual state > and make then an own patch for this ? > > Best, > > Erik > > Am Montag, den 18.06.2018, 14:51 +0100 schrieb Michael Tremer: > > I think that a reasonable default would be 2 years. > > > > That is already the maximum I would feel comfortable with, but > > certificates > > *must* expire. They should not run for forever. > > > > But I agree with Tom that there should be an easy way to extend the > > certificate > > and that we should have some UI elements that warn when a certificate > > is going > > to expire in the next ~30 days or so. > > > > @Erik: Would you be up for implementing this? > > > > Best, > > -Michael > > > > --===============7426043561741910782==--