[gnutls-help] Year 2038 problem

Sascha Ziemann ceving at gmail.com
Sun Nov 16 20:07:33 CET 2014

Is there a year 2038 problem in GnuTLS?

I tried to create a certificate with the following template:

cn = "CA.ceving.de"
expiration_days = 25550
path_len = 0

I expected the certificate to be valid for 70 years. But GnuTLS greatly
increases the validity. unber shows the following:

<C T="[UNIVERSAL 16]" TL="4" V="1022">
    <C T="[UNIVERSAL 16]" TL="4" V="614">
        <C T="[0]" TL="2" V="3">
            <P T="[UNIVERSAL 2]" TL="2" V="1" F>2</P>
        </C T="[0]">
        <P T="[UNIVERSAL 2]" TL="2"
        <C T="[UNIVERSAL 16]" TL="2" V="13">
            <P T="[UNIVERSAL 6]" TL="2" V="9" F>1.2.840.113549.1.1.11</P>
            <P T="[UNIVERSAL 5]" TL="2" V="0"></P>
        </C T="[UNIVERSAL 16]">
        <C T="[UNIVERSAL 16]" TL="2" V="23">
            <C T="[UNIVERSAL 17]" TL="2" V="21">
                <C T="[UNIVERSAL 16]" TL="2" V="19">
                    <P T="[UNIVERSAL 6]" TL="2" V="3" F></P>
                    <P T="[UNIVERSAL 19]" TL="2" V="12">CA.ceving.de</P>
                </C T="[UNIVERSAL 16]">
            </C T="[UNIVERSAL 17]">
        </C T="[UNIVERSAL 16]">
        <C T="[UNIVERSAL 16]" TL="2" V="34">
            <P T="[UNIVERSAL 24]" TL="2" V="15">20141116182347Z</P>
            <P T="[UNIVERSAL 24]" TL="2" V="15">99991231235959Z</P>

2084 gets 9999.

When I import this certificate into a iPhone the IOS tells me that the
certificate has expired in 1833, which is probably another year 2038 bug.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20141116/75e67a7e/attachment.html>

More information about the Gnutls-help mailing list