In pki/certs.go a certificate is issued to submit to a CT log. If a temporal window is defined, it is supposed to generate the certificate with NotBefore = windowStart + 1day and NotAfter = windowEnd - 1day. Instead it just sets the values to the same as the windowStart and windowEnd because the intended update to the variable needs an explicit variable set (time.AddDate() doesn't change the variable in place).
This could be updated to just set the variable and fix a few other lines of code that break the tests with this change.
It also might be a good time to overhaul this to just generate fixed lifetime certificates no matter what and make sure that the certificate's NotAfter falls in the temporal shard window if it is defined.
https://github.com/letsencrypt/ct-woodpecker/blob/3e699248515f10dd9afde142f925194dc516c646/pki/certs.go#L147-L154
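The defect and both proposed fixes, as an added example that is not ct-woodpecker's own code: the function names and the sample window are hypothetical, and the shard window is assumed to be half-open, `[start, end)`.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// validityBuggy reproduces the defect: time.Time is a value type and AddDate
// returns a new Time, so discarding the result leaves the window edges as-is.
func validityBuggy(windowStart, windowEnd time.Time) (time.Time, time.Time) {
	windowStart.AddDate(0, 0, 1) // result discarded: no effect
	windowEnd.AddDate(0, 0, -1)  // result discarded: no effect
	return windowStart, windowEnd
}

// validityFixed assigns the results, giving start+1 day and end-1 day.
func validityFixed(windowStart, windowEnd time.Time) (time.Time, time.Time) {
	return windowStart.AddDate(0, 0, 1), windowEnd.AddDate(0, 0, -1)
}

// validityFixedLifetime sketches the proposed overhaul (hypothetical helper):
// always use one lifetime and, if a window is defined, make sure NotAfter
// lands inside it. Assumption: the window is half-open, [start, end).
func validityFixedLifetime(now time.Time, lifetime time.Duration,
	start, end *time.Time) (notBefore, notAfter time.Time, err error) {
	notAfter = now.Add(lifetime)
	if start != nil && end != nil {
		if !end.After(*start) {
			return notBefore, notAfter, errors.New("window end is not after start")
		}
		if notAfter.Before(*start) || !notAfter.Before(*end) {
			// Outside the shard: move NotAfter to the middle of the window.
			notAfter = start.Add(end.Sub(*start) / 2)
		}
	}
	return notAfter.Add(-lifetime), notAfter, nil
}

func main() {
	start := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample window
	end := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
	nb, na := validityBuggy(start, end)
	fmt.Println("buggy:", nb, na)
	nb, na = validityFixed(start, end)
	fmt.Println("fixed:", nb, na)
	nb, na, _ = validityFixedLifetime(time.Now(), 90*24*time.Hour, &start, &end)
	fmt.Println("fixed lifetime:", nb, na)
}
```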