[gnutls-dev] Re: Bug#140609: mutt/gnutls improperly evaluates certificate lifetimes
Andrew McDonald
andrew@mcdonald.org.uk
Wed Apr 3 23:42:01 2002
--0F1p//8PRICkK4MW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
reassign 140609 gnutls
thanks
(bcc'ed to control)
On Wed, Apr 03, 2002 at 09:48:50PM +0100, Andrew McDonald wrote:
[after Paul found this problem, my own testing gave:]
>=20
> A certificate that openssl shows as created at:=20
> Apr 3 20:04:52 2002 GMT
> is shown by mutt's certificate display to be created at:
> Wed, 3 Apr 2002 19:04:00
> (UTC is hard coded and tacked on on the assumption that it is)
>=20
> Actually, being BST here now (since Sunday) it was created at 21:04
> local time.
[see http://bugs.debian.org/140609 for previous messages]
This is a gnutls bug.
In lib/x509_verify.c in _gnutls_utcTime2gtime() and
_gnutls_generalTime2gtime() a call is made to mktime().
mktime() takes the time in local time not UTC.
Note to Nikos: this bug was seen in 0.3.5 but also exists in current
CVS
It isn't immediately obvious to me how to fix this. I don't think there
is a GMT/UTC equivalent of mktime().
Andrew
--=20
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
--0F1p//8PRICkK4MW
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8q3b2/LupyPLe7TYRAh+vAJ9ZJ7Tl9XUiM4Gqv7iGh1yVFTEe7QCaAjg/
6KEAlYc3b69s7YWsv9f8Dv0=
=+cey
-----END PGP SIGNATURE-----
--0F1p//8PRICkK4MW--