From 4d4c7078cd72345d68e940ec5eb072f2fc41f187 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Sun, 27 Oct 2019 16:22:24 -0500
Subject: [PATCH] kx509: Add desired_life to Kx509CSRPlus

---
 lib/asn1/kx509.asn1 | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/asn1/kx509.asn1 b/lib/asn1/kx509.asn1
index 5451df3d9..9c7b43ae0 100644
--- a/lib/asn1/kx509.asn1
+++ b/lib/asn1/kx509.asn1
@@ -7,7 +7,7 @@
 
 KX509 DEFINITIONS ::= BEGIN
 IMPORTS Extensions FROM rfc2459
-        AUTHDATA-TYPE FROM krb5;
+        KerberosTime, AUTHDATA-TYPE FROM krb5;
 
 KX509-ERROR-CODE ::= INTEGER {
 	KX509-STATUS-GOOD(0),
@@ -69,7 +69,10 @@ Kx509CSRPlus ::= [APPLICATION 35] SEQUENCE {
         authz-datas     SEQUENCE OF AUTHDATA-TYPE,
         -- Desired certificate Extensions such as KeyUsage, ExtKeyUsage, or
         -- subjectAlternativeName (SAN)
-        exts            Extensions OPTIONAL
+        exts            Extensions OPTIONAL,
+        -- Desired certificate lifetime
+        req-life        KerberosTime OPTIONAL,
+        ...
 }
 
 -- Version 2