From aca96c2c6fb24af9405996a8fddaf67b7502d29d Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews <github@hoffman-andrews.com>
Date: Thu, 10 Oct 2019 14:09:37 -0700
Subject: [PATCH] Use a validity period of 2 years and 30 days.

Fixes #32.
---
 main.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index fe63f52..35bfb77 100644
--- a/main.go
+++ b/main.go
@@ -141,7 +141,11 @@ func makeRootCert(key crypto.Signer, filename string) (*x509.Certificate, error)
 		},
 		SerialNumber: serial,
 		NotBefore:    time.Now(),
-		NotAfter:     time.Now().AddDate(100, 0, 0),
+		// Set the validity period to 2 years and 30 days, to satisfy the iOS and
+		// macOS requirements that all server certificates must have validity
+		// shorter than 825 days:
+		// https://derflounder.wordpress.com/2019/06/06/new-tls-security-requirements-for-ios-13-and-macos-catalina-10-15/
+		NotAfter: time.Now().AddDate(2, 30, 0),
 
 		SubjectKeyId:          skid,
 		AuthorityKeyId:        skid,