[gnutls-help] Year 2038 problem

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Nov 21 12:51:44 CET 2014

On Fri, Nov 21, 2014 at 9:37 AM, Sascha Ziemann <ceving at gmail.com> wrote:
>                 Not Before: Fri Nov 21 08:11:43 UTC 2014
>                 Not After: Thu Dec 31 23:23:23 UTC 2037
> When I try to set the expiration date, I get an error:
> $ echo -e "cn=test\nexpiration_date=\"2050-01-01 00:00:00\"" > cfg
> $ certtool --generate-self-signed --template cfg --load-privkey key --outder
>> crt
> Generating a self signed certificate...
> Cannot parse date: 2050-01-01 00:00:00
> What is wrong with the date?
> I am using Debian 7 on AMD Geode with 32 bit.

It seems that this system uses a 32-bit time_t and this is the reason
you get these results.
The "2037-12-31 23:23:23" is the overflow time set by gnutls if the
result exceeds the maximum time that can be expressed. This is also
the reason date parsing fails (struct timespec also consists of 32-bit
values it seems).

What you can do on such system is to set expirations_days to -1, and
that would give you a certificate that doesn't expire. I was under the
impression that these systems already had a 64-bit time_t, but that
doesn't seem to be the case.


More information about the Gnutls-help mailing list