remove expiration date by default

ocserv.spec

@@ -85,6 +85,7 @@ mkdir -p %{_sysconfdir}/pki/ocserv/cacerts
 if test ! -f %{_sysconfdir}/pki/ocserv/private/ca.key;then
 certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/ca.key >/dev/null 2>&1
 echo "cn=`hostname -f` CA" >%{_sysconfdir}/pki/ocserv/ca.tmpl
+echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
 echo "serial=1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
 echo "ca" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
 echo "cert_signing_key" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
@@ -98,6 +99,7 @@ if test ! -f %{_sysconfdir}/pki/ocserv/private/server.key;then
 certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/server.key >/dev/null 2>&1
 echo "cn=`hostname -f`" >%{_sysconfdir}/pki/ocserv/server.tmpl
 echo "serial=2" >>%{_sysconfdir}/pki/ocserv/server.tmpl
+echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/server.tmpl
 echo "signing_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
 echo "encryption_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
 certtool --template %{_sysconfdir}/pki/ocserv/server.tmpl \
@@ -155,6 +157,9 @@ rm -rf %{buildroot}
 %{_unitdir}/ocserv.service
 
 %changelog
+* Wed Jan 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-2
+- Generated certificates no longer carry an expiration date.
+
 * Mon Jan 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-1
 - Updated to latest upstream version (0.3.0).
 - Certificates and private keys are auto-generated.