Remove now-irrelevant check for "excess cryptoperiod" on keys.

InCommon · Jun 19, 2013 · 7556578 · 7556578
1 parent a58f00d
commit 7556578
Showing 1 changed file with 0 additions and 20 deletions.
diff --git a/build/check_embedded.pl b/build/check_embedded.pl
@@ -16,11 +16,6 @@
 #	-q	quiet		don't print anything out if there are no problems detected
 #
 
-#
-# Maximum cryptoperiod for 1024-bit keys.
-#
-my $excessThreshold = 5; # years
-
 #
 # Number of days in the past we should regard as "long expired".
 #
@@ -281,12 +276,6 @@ sub comment {
 				next;
 			}
 
-			if (/Not Before: (.*)$/) {
-				$notBefore = $1;
-				$notBeforeTime = str2time($notBefore);
-				next;
-			}
-
 			if (/Not After : (.*)$/) {
 				$notAfter = $1;
 				$notAfterTime = str2time($notAfter);
@@ -518,15 +507,6 @@ sub comment {
 				warning("short key ($pubSize bit) in certificate; expires $notAfter");
 			}
 
-			#
-			# Complain about keys with an excessive cryptoperiod (more than
-			# some given number of years).
-			#
-			my $validYears = ($notAfterTime - $notBeforeTime)/(86400.0*365.0);
-			my $years = sprintf "%.1f", $validYears;
-			if ($validYears >= $excessThreshold) {
-				warning("excess cryptoperiod $years years for short ($pubSize bit) key; expires $notAfter");
-			}
 		}
 
 		#