[gnutls-help] Year 2038 problem
Sascha Ziemann
ceving at gmail.com
Fri Nov 21 09:37:21 CET 2014
2014-11-17 18:00 GMT+01:00 Nikos Mavrogiannopoulos <nmav at gnutls.org>:
> On Sun, 2014-11-16 at 20:07 +0100, Sascha Ziemann wrote:
> > Is there a year 2038 problem in GnuTLS?
> > I tried to create a certificate with the following template:
> > cn = "CA.ceving.de"
> > expiration_days = 25550
>
> No, at least not the supported versions of gnutls. Which version do
> you use?
>
$ certtool --version
certtool 3.3.10
$ certtool --generate-privkey --sec-param low > key
Generating a 1024 bit RSA private key...
$ echo -e "cn=test\nexpiration_days=$((100*365))" > cfg
$ certtool --generate-self-signed --template cfg --load-privkey key
--outder > crt
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 546ef3bf2acb5a50a3efbe0c
Validity:
Not Before: Fri Nov 21 08:11:43 UTC 2014
Not After: Thu Dec 31 23:23:23 UTC 2037
Subject: CN=test
Subject Public Key Algorithm: RSA
Algorithm Security Level: Low (1024 bits)
Modulus (bits 1024):
00:e7:50:7e:e7:65:d0:26:a8:b9:77:af:ca:3f:dd:a2
2e:26:b3:1c:3f:0b:9a:b4:7f:eb:bc:73:62:20:c1:65
00:94:f6:97:4b:09:5e:06:39:cf:00:87:ef:db:7c:50
81:08:ed:95:c3:07:3e:5d:ee:a0:41:ed:a9:ac:13:ad
e7:df:0f:97:2d:59:af:e4:a0:08:56:63:62:bc:30:7e
6f:db:b2:bc:fe:9f:75:4f:87:5f:a6:93:cc:3f:8a:87
f2:f9:9a:fe:10:14:e1:2f:bb:5f:e9:fe:3b:72:1d:12
ac:b2:60:da:61:83:5f:61:09:f7:96:1c:b3:1a:5a:f4
37
Exponent (bits 24):
01:00:01
Extensions:
Basic Constraints (critical):
Certificate Authority (CA): FALSE
Subject Key Identifier (not critical):
7b6baf0b484229ac5f3f013632e6ec9f9b70f60d
Other Information:
Public Key ID:
7b6baf0b484229ac5f3f013632e6ec9f9b70f60d
Public key's random art:
+--[ RSA 1024]----+
| |
| . . |
| * * |
| = * o |
|. o o o S |
| o . + o . |
| + o E o . |
| = + + o.. |
| =.. ..++. |
+-----------------+
Signing certificate...
$ unber -m crt|head -21
<C T="[UNIVERSAL 16]" TL="4" V="466">
<C T="[UNIVERSAL 16]" TL="4" V="315">
<C T="[0]" TL="2" V="3">
<P T="[UNIVERSAL 2]" TL="2" V="1" F>2</P>
</C T="[0]">
<P T="[UNIVERSAL 2]" TL="2"
V="12">Tnó¿*ËZP£ï¾</P>
<C T="[UNIVERSAL 16]" TL="2" V="13">
<P T="[UNIVERSAL 6]" TL="2" V="9" F>1.2.840.113549.1.1.11</P>
<P T="[UNIVERSAL 5]" TL="2" V="0"></P>
</C T="[UNIVERSAL 16]">
<C T="[UNIVERSAL 16]" TL="2" V="15">
<C T="[UNIVERSAL 17]" TL="2" V="13">
<C T="[UNIVERSAL 16]" TL="2" V="11">
<P T="[UNIVERSAL 6]" TL="2" V="3" F>2.5.4.3</P>
<P T="[UNIVERSAL 19]" TL="2" V="4">test</P>
</C T="[UNIVERSAL 16]">
</C T="[UNIVERSAL 17]">
</C T="[UNIVERSAL 16]">
<C T="[UNIVERSAL 16]" TL="2" V="34">
<P T="[UNIVERSAL 24]" TL="2" V="15">20141121081143Z</P>
<P T="[UNIVERSAL 24]" TL="2" V="15">99991231235959Z</P>
certtool does not report the value written to the certificate. I would say
this is a bug.
When I try to set the expiration date, I get an error:
$ echo -e "cn=test\nexpiration_date=\"2050-01-01 00:00:00\"" > cfg
$ certtool --generate-self-signed --template cfg --load-privkey key
--outder > crt
Generating a self signed certificate...
Cannot parse date: 2050-01-01 00:00:00
What is wrong with the date?
I am using Debian 7 on AMD Geode with 32 bit.
Regards
Sascha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20141121/e65ab49c/attachment-0001.html>
More information about the Gnutls-help
mailing list