[PATCH] uhttpd: Increase default certificate validate from 2 to 10 years
Yousong Zhou
yszhou4tech at gmail.com
Mon Aug 31 18:45:02 EDT 2020
It's worth mentioning that recent versions of macos since 10.15 have a
restriction on certificate validity period, self-signed or not. It's
a strong restriction that the browser ui will have no buttons or knobs
to bypass the certificate validation, rendering such sites
inaccessible. I remembered it's also a system wide enforcement that
chrome on macos also respects this.
[1] Requirements for trusted certificates in iOS 13 and macOS 10.15,
https://support.apple.com/en-us/HT210176
> TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
[2] About upcoming limits on trusted certificates,
https://support.apple.com/en-us/HT211025
> TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC must not have a validity period greater than 398 days.
Regards,
yousong
More information about the openwrt-devel
mailing list