diff options
| -rw-r--r-- | certs/hpkp-hdr.j2 | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/certs/hpkp-hdr.j2 b/certs/hpkp-hdr.j2 index 0226b5c..31cb81a 100644 --- a/certs/hpkp-hdr.j2 +++ b/certs/hpkp-hdr.j2 @@ -1,16 +1,16 @@ # {{ ansible_managed }} # Do NOT edit this file directly! {% set tmpl = template_path | basename %} {% set pubkey = "certs/public/" + tmpl.rstrip("hpkp-hdr.j2") + ".pub" %} {%- set pins = [] %} {% for pk in [pubkey] + lookup('pipe', 'ls -1 '+pubkey+'.back*').splitlines() -%} {%- set sha256 = lookup('pipe', 'openssl pkey -pubin -outform DER <'+pk+' | openssl dgst -sha256 -binary | base64') -%} {%- set _ = pins.append('pin-sha256="' + sha256 + '"') -%} {%- endfor %} {%- if pins | length > 0 %} -{% set directives = pins + ['max-age=3600'] %} +{% set directives = pins + ['max-age=15768000'] %} add_header Public-Key-Pins '{{ directives | join('; ') }}'; {% endif %} |