csr: Add NotBefore & NotAfter to CAConfig

Setting these was only previously possible with backdate and expiry but could be a pain to figure out the tdeltas correctly. Sometimes its just easier to explicitly give the timestamps.
cloudflare · Jan 30, 2023 · bdadff2 · bdadff2
1 parent c5e40da
commit bdadff2
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/csr/csr.go b/csr/csr.go
@@ -18,6 +18,7 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"time"
 
 	cferr "github.com/cloudflare/cfssl/errors"
 	"github.com/cloudflare/cfssl/helpers"
@@ -127,10 +128,12 @@ func (kr *KeyRequest) SigAlgo() x509.SignatureAlgorithm {
 
 // CAConfig is a section used in the requests initialising a new CA.
 type CAConfig struct {
-	PathLength  int    `json:"pathlen" yaml:"pathlen"`
-	PathLenZero bool   `json:"pathlenzero" yaml:"pathlenzero"`
-	Expiry      string `json:"expiry" yaml:"expiry"`
-	Backdate    string `json:"backdate" yaml:"backdate"`
+	PathLength  int       `json:"pathlen" yaml:"pathlen"`
+	PathLenZero bool      `json:"pathlenzero" yaml:"pathlenzero"`
+	Expiry      string    `json:"expiry" yaml:"expiry"`
+	Backdate    string    `json:"backdate" yaml:"backdate"`
+	NotBefore   time.Time `json:"not_before" yaml:"not_before"`
+	NotAfter    time.Time `json:"not_after" yaml:"not_after"`
 }
 
 // A CertificateRequest encapsulates the API interface to the