From 865827d816e3662c695200ef24ca56bf04a427c1 Mon Sep 17 00:00:00 2001
From: Ian Young
Date: Tue, 31 Jul 2012 15:05:20 +0000
Subject: [PATCH] Look at amount of time expired on expired 1024-bit certificates. Look at excessive cryptoperiods (for now, > about 3 years) on 1024-bit certificates.
---
 charting/shortkeys_inner.pl | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/charting/shortkeys_inner.pl b/charting/shortkeys_inner.pl
index ae8af928..f9d535e0 100755
--- a/charting/shortkeys_inner.pl
+++ b/charting/shortkeys_inner.pl
@@ -196,10 +196,15 @@ sub comment {
 next;
 }
 
+ if (/Not Before: (.*)$/) {
+ $notBefore = $1;
+ $noteBeforeTime = str2time($notBefore);
+ }
+
 if (/Not After : (.*)$/) {
 $notAfter = $1;
 $notAfterTime = str2time($notAfter);
- $days = (str2time($notAfter)-time())/86400.0;
+ $days = ($notAfterTime-time())/86400.0;
 next;
 }
 
@@ -229,12 +234,22 @@ sub comment {
 # Record expiry bin if 1024-bit key.
 #
 if ($pubSize == 1024) {
+ $validYears = ($notAfterTime - $noteBeforeTime)/(86400.0*365.0);
 if ($days < 0) {
 $expiryBin = -1;
- print "expired 1024-bit certificate on $entity\n";
+ if ($days < -180) {
+ my $d = floor(-$days);
+ print "*** long-expired ($d days) 1024-bit certificate on $entity\n";
+ } else {
+ print "expired 1024-bit certificate on $entity\n";
+ }
 } else {
 $expiryBin = floor($days/$binSize);
 }
+ if ($validYears > 3.1) {
+ my $years = sprintf "%.1f", $validYears;
+ print "excess cryptoperiod $years on $entity\n";
+ }
 if ($expiryBin == 0) {
 print "Expiry bin 0 dated $notAfter on $entity\n";
 } elsif ($notAfterTime > $deadlineTime) {
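Review bot: The values returned by `str2time` in the new `Not Before` branch and in the `Not After` branch are used in arithmetic without a definedness check. If this is Date::Parse's `str2time`, an unparsable date gives undef, which Perl treats as 0, so `$days` becomes a large negative number and the second hunk would wrongly report the certificate as long-expired or as having an excess cryptoperiod. A guard right after each assignment, for example `warn "cannot parse Not After date '$notAfter'\n" unless defined $notAfterTime;`, would make such entries visible instead of skewing the audit output. Separately, `$noteBeforeTime` looks like a typo for `$notBeforeTime`; it is spelled the same way in the second hunk so it works, but renaming it would match `$notAfterTime`. The enclosing loop and the declarations of these variables are outside the hunk, so whether they are reset for each certificate cannot be checked from here.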
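Review bot: The thresholds in the new reporting code (`-180` days for "long-expired", `3.1` years for "excess cryptoperiod", and the 365-day year used for `$validYears`) are bare literals with no comment on why they were chosen. A line above the `$validYears` assignment such as `# "about 3 years" for now; 3.1 leaves a little slack over a nominal 3-year certificate` would record the intent stated in the commit message. The "excess cryptoperiod" message also prints `$years` without a unit; `print "excess cryptoperiod ($years years) on $entity\n";` would match the `($d days)` form used a few lines above. The `if ($pubSize == 1024)` block continues past the end of the hunk.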