From 7556578f6b7ab6c69e58c503d51efe1645011b41 Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Wed, 19 Jun 2013 09:26:30 +0000
Subject: [PATCH] Remove now-irrelevant check for "excess cryptoperiod" on
 keys.

---
 build/check_embedded.pl | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/build/check_embedded.pl b/build/check_embedded.pl
index e9894558..02e2fbe4 100755
--- a/build/check_embedded.pl
+++ b/build/check_embedded.pl
@@ -16,11 +16,6 @@
 #	-q	quiet		don't print anything out if there are no problems detected
 #
 
-#
-# Maximum cryptoperiod for 1024-bit keys.
-#
-my $excessThreshold = 5; # years
-
 #
 # Number of days in the past we should regard as "long expired".
 #
@@ -281,12 +276,6 @@ sub comment {
 				next;
 			}
 			
-			if (/Not Before: (.*)$/) {
-				$notBefore = $1;
-				$notBeforeTime = str2time($notBefore);
-				next;
-			}
-
 			if (/Not After : (.*)$/) {
 				$notAfter = $1;
 				$notAfterTime = str2time($notAfter);
@@ -518,15 +507,6 @@ sub comment {
 				warning("short key ($pubSize bit) in certificate; expires $notAfter");
 			}
 
-			#
-			# Complain about keys with an excessive cryptoperiod (more than
-			# some given number of years).
-			#
-			my $validYears = ($notAfterTime - $notBeforeTime)/(86400.0*365.0);
-			my $years = sprintf "%.1f", $validYears;
-			if ($validYears >= $excessThreshold) {
-				warning("excess cryptoperiod $years years for short ($pubSize bit) key; expires $notAfter");
-			}
 		}
 
 		#