[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [doctor/master] Shortening cert expiration warning to be on the order of weeks



commit 81afac04de02e2707704a3c76ec1bcb3db23dae6
Author: Damian Johnson <atagar@xxxxxxxxxxxxxx>
Date:   Thu Oct 24 08:37:57 2013 -0700

    Shortening cert expiration warning to be on the order of weeks
    
    Our certificate expiration warnings were unhelpfully early. Authority operators
    don't want to rotate their certs two or three months earlier than necessary, so
    changing the duration we check for from...
    
    * 2 weeks
    * 2 months
    * 3 months
    
    ... to...
    
    * 1 week
    * 2 weeks
    * 3 weeks
    
    Hopefully this should largely address https://trac.torproject.org/9103.
---
 consensus_health_checker.py |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/consensus_health_checker.py b/consensus_health_checker.py
index 8a3a9c9..0127f2c 100755
--- a/consensus_health_checker.py
+++ b/consensus_health_checker.py
@@ -362,12 +362,12 @@ def certificate_expiration(latest_consensus, consensuses, votes):
     cert_expiration = vote.directory_authorities[0].key_certificate.expires
     expiration_label = '%s (%s)' % (authority, cert_expiration.strftime('%Y-%m-%d %H-%M-%S'))
 
-    if (cert_expiration - current_time) <= datetime.timedelta(days = 14):
+    if (cert_expiration - current_time) <= datetime.timedelta(days = 7):
+      issues.append(Issue(Runlevel.WARNING, 'CERTIFICATE_ABOUT_TO_EXPIRE', duration = 'one week', authority = expiration_label))
+    elif (cert_expiration - current_time) <= datetime.timedelta(days = 14):
       issues.append(Issue(Runlevel.WARNING, 'CERTIFICATE_ABOUT_TO_EXPIRE', duration = 'two weeks', authority = expiration_label))
-    elif (cert_expiration - current_time) <= datetime.timedelta(days = 60):
-      issues.append(Issue(Runlevel.NOTICE, 'CERTIFICATE_ABOUT_TO_EXPIRE', duration = 'two months', authority = expiration_label))
-    elif (cert_expiration - current_time) <= datetime.timedelta(days = 90):
-      issues.append(Issue(Runlevel.NOTICE, 'CERTIFICATE_ABOUT_TO_EXPIRE', duration = 'three months', authority = expiration_label))
+    elif (cert_expiration - current_time) <= datetime.timedelta(days = 21):
+      issues.append(Issue(Runlevel.NOTICE, 'CERTIFICATE_ABOUT_TO_EXPIRE', duration = 'three weeks', authority = expiration_label))
 
   return issues
 

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits