From 1e0f42b16c9eac1993c165d017a4f5db70492902 Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Thu, 29 Nov 2012 18:01:47 +0000
Subject: [PATCH] Parameterise "long ago" as applied to certificate expiry, and
 drop the value from 180 days (six months) to 90 days (three months).

---
 build/check_embedded.pl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index ff11e2ee..45ce0141 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -21,6 +21,11 @@
 #
 my $excessThreshold = 5; # years
 
+#
+# Number of days in the past we should regard as "long expired".
+#
+my $longExpiredDays = 30*3; # about three months
+
 #
 # Load RSA key blacklists.
 #
@@ -217,7 +222,7 @@ sub comment {
 				$notAfter = $1;
 				$notAfterTime = str2time($notAfter);
 				$days = ($notAfterTime-time())/86400.0;
-				if ($days < -180) {
+				if ($days < -$longExpiredDays) {
 					my $d = floor(-$days);
 					error("EXPIRED LONG AGO ($d days; $notAfter)");
 				} elsif ($days < 0) {