Chromium Code Reviews

Unified Diff: webrtc/base/opensslidentity.cc

Issue 1683193003: Implement certificate lifetime parameter as required by WebRTC RFC. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Address feedback Created 4 years, 10 months ago
Index: webrtc/base/opensslidentity.cc
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index 7185571102d9341d201cfb768c1b280b691f4475..0260387925bcdb3073f3e3222b9135ba74f6c205 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -36,12 +36,6 @@ namespace rtc {
// Random bits for certificate serial number
static const int SERIAL_RAND_BITS = 64;
-// Certificate validity lifetime
-static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily
-// Certificate validity window.
-// This is to compensate for slightly incorrect system clocks.
-static const int CERTIFICATE_WINDOW = -60*60*24;
-
// Generate a key pair. Caller is responsible for freeing the returned object.
static EVP_PKEY* MakeKey(const KeyParams& key_params) {
LOG(LS_INFO) << "Making key pair";
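Review bot: The removed CERTIFICATE_WINDOW definition carried the only explanation of why not_before is backdated ("to compensate for slightly incorrect system clocks") and showed that the value is negative, and neither is visible at the kCertificateWindow use site in the later hunk. Wherever kCertificateWindow is now defined, keep that comment, state the unit (seconds) and the sign, and document the former 30 day default next to whatever value callers are now expected to pass as the lifetime.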
@@ -414,13 +408,15 @@ OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
}
OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name,
- const KeyParams& key_params) {
+ const KeyParams& key_params,
+ time_t certificate_lifetime) {
SSLIdentityParams params;
params.key_params = key_params;
params.common_name = common_name;
time_t now = time(NULL);
- params.not_before = now + CERTIFICATE_WINDOW;
- params.not_after = now + CERTIFICATE_LIFETIME;
+ params.not_before = now + kCertificateWindow;
+ params.not_after = now + certificate_lifetime;
+ RTC_DCHECK(params.not_before < params.not_after);
Ryan Sleevi 2016/03/08 17:04:43 This is not a good DCHECK, because it's not a prog
torbjorng (webrtc) 2016/03/30 14:00:29 I am fixing this in a follow-up CL.
return GenerateInternal(params);
}
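Review bot: The RTC_DCHECK(params.not_before < params.not_after) line is checking caller-supplied input, not a programmer invariant, and it disappears in release builds. With not_before set to now + kCertificateWindow, a certificate_lifetime that is zero, negative or smaller than the window offset would reach GenerateInternal with not_after at or before not_before and produce a certificate that is never valid. Validate certificate_lifetime at runtime instead (log and return NULL when it does not give not_before < not_after, and reject values large enough to overflow now + certificate_lifetime), and document on the new parameter that it is in seconds and what range is accepted.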
