From 53e4ce4abd53ced1a9b527cbcddebdc3f58ab0a9 Mon Sep 17 00:00:00 2001
From: Thomas Karpiniec <tkarpiniec@icloud.com>
Date: Sat, 15 May 2021 13:38:27 +1000
Subject: [PATCH] Create certificates which last 68 years (INT32_MAX seconds)

This avoids integer overflow on 32-bit architectures.
---
 src/tls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index a98dfe0..0e092d3 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -6,6 +6,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -44,7 +45,7 @@ tls_host_gencert(struct gmnisrv_tls *tlsconf, struct gmnisrv_host *host,
 	X509_set_version(x509, 2);
 	ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
 	X509_gmtime_adj(X509_get_notBefore(x509), 0);
-	X509_gmtime_adj(X509_get_notAfter(x509), LONG_MAX);
+	X509_gmtime_adj(X509_get_notAfter(x509), INT32_MAX); // 68 years
 	X509_set_pubkey(x509, pkey);
 
 	char *organization = "gmnisrv";