Reject certificates that are valid for too long.

net/data/ssl/certificates/README

Index: net/data/ssl/certificates/README
diff --git a/net/data/ssl/certificates/README b/net/data/ssl/certificates/README
index 5d1faf2602e93cac097843f2fd24e1b62a7401b7..c9e1dc5950d3bf7ae1d999d3a5bc0d512ff77fb9 100644
--- a/net/data/ssl/certificates/README
+++ b/net/data/ssl/certificates/README
@@ -129,8 +129,8 @@ unit tests.
 - expired_cert.pem
 - ok_cert.pem
 - root_ca_cert.pem
-     These certificates are the common certificates used by the Python test
-     server for simulating HTTPS connections.
+    These certificates are the common certificates used by the Python test
+    server for simulating HTTPS connections.
 
 - name_constraint_bad.pem
 - name_constraint_good.pem
@@ -147,6 +147,12 @@ unit tests.
 - punycodetest.pem : A test self-signed server certificate with punycode name.
      The common name is "xn--wgv71a119e.com" (日本語.com)
 
+- 40_months_after_2015_04.pem
+- 61_months_after_2012_07.pem
+- 11_year_validity.pem
+    Certs to test that the maximum validity durations set by the CA/Browser
+    Forum Baseline Requirements are enforced.

[Ryan Sleevi, 2015/01/22 02:04:40]

10_year_validity
11_year_validity
39_months_after_2015_04
60_months_after_2012_07
pre_br_validity_bad_121
pre_br_validity_bad_2020
pre_br_validity_ok
start_after_expirey.pem


- reject_intranet_hosts.pem
   A certificate with a non-IANA delegated domain, which is rejected since a CA
cannot validate the applicant controls that domain.

[palmer, 2015/01/22 20:05:05]

Done.

+
 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh
 - 2048-rsa-root.pem
 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
@@ -252,5 +258,3 @@ unit tests.
      containing the intermediate, which can be served via a URLRequestFilter.
      aia-intermediate.der is stored in DER form for convenience, since that is
      the form expected of certificates discovered via AIA.
-
-