[gnutls-help] Year 2038 problem
Sascha Ziemann
ceving at gmail.com
Sun Nov 16 20:07:33 CET 2014
Is there a year 2038 problem in GnuTLS?
I tried to create a certificate with the following template:
cn = "CA.ceving.de"
expiration_days = 25550
ca
signing_key
cert_signing_key
crl_signing_key
path_len = 0
I expected the certificate to be valid for 70 years. But GnuTLS greatly
increases the validity. unber shows the following:
<C T="[UNIVERSAL 16]" TL="4" V="1022">
<C T="[UNIVERSAL 16]" TL="4" V="614">
<C T="[0]" TL="2" V="3">
<P T="[UNIVERSAL 2]" TL="2" V="1" F>2</P>
</C T="[0]">
<P T="[UNIVERSAL 2]" TL="2"
V="12">Thë³#¢¶ˆeôy</P>
<C T="[UNIVERSAL 16]" TL="2" V="13">
<P T="[UNIVERSAL 6]" TL="2" V="9" F>1.2.840.113549.1.1.11</P>
<P T="[UNIVERSAL 5]" TL="2" V="0"></P>
</C T="[UNIVERSAL 16]">
<C T="[UNIVERSAL 16]" TL="2" V="23">
<C T="[UNIVERSAL 17]" TL="2" V="21">
<C T="[UNIVERSAL 16]" TL="2" V="19">
<P T="[UNIVERSAL 6]" TL="2" V="3" F>2.5.4.3</P>
<P T="[UNIVERSAL 19]" TL="2" V="12">CA.ceving.de</P>
</C T="[UNIVERSAL 16]">
</C T="[UNIVERSAL 17]">
</C T="[UNIVERSAL 16]">
<C T="[UNIVERSAL 16]" TL="2" V="34">
<P T="[UNIVERSAL 24]" TL="2" V="15">20141116182347Z</P>
<P T="[UNIVERSAL 24]" TL="2" V="15">99991231235959Z</P>
2084 gets 9999.
When I import this certificate into a iPhone the IOS tells me that the
certificate has expired in 1833, which is probably another year 2038 bug.
Regards,
Sascha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20141116/75e67a7e/attachment.html>
More information about the Gnutls-help
mailing list