From 0ac9023590c9542c5a1dc0db185e155b24cb1dec Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano.cano@gmail.com>
Date: Tue, 12 Mar 2024 14:53:45 -0700
Subject: [PATCH] Fix typo in error message and comment

---
 authority/tls.go       | 5 ++++-
 cas/stepcas/stepcas.go | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/authority/tls.go b/authority/tls.go
index 049febba..ebc9d0d8 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -913,7 +913,10 @@ func (a *Authority) GetTLSCertificate() (*tls.Certificate, error) {
 		return fatal(err)
 	}
 
-	// For StepCAS RA let the lifetime to the provisioner used by the CA.
+	// Set the cert lifetime as follows:
+	//   i) If the CA is not a StepCAS RA use 24h, else
+	//  ii) if the CA is a StepCAS RA, leave the lifetime empty and
+	//      let the provisioner of the CA decide the lifetime of the RA cert.
 	var lifetime time.Duration
 	if casapi.TypeOf(a.x509CAService) != casapi.StepCAS {
 		lifetime = 24 * time.Hour
diff --git a/cas/stepcas/stepcas.go b/cas/stepcas/stepcas.go
index cac0d8ed..cab8f203 100644
--- a/cas/stepcas/stepcas.go
+++ b/cas/stepcas/stepcas.go
@@ -79,7 +79,7 @@ func (s *StepCAS) CreateCertificate(req *apiv1.CreateCertificateRequest) (*apiv1
 	case req.Template == nil:
 		return nil, errors.New("createCertificateRequest `template` cannot be nil")
 	case req.Lifetime < 0:
-		return nil, errors.New("createCertificateRequest `lifetime` cannot less than 0")
+		return nil, errors.New("createCertificateRequest `lifetime` cannot be less than 0")
 	}
 
 	info := &raInfo{