Project

General

Profile

Actions
Copy link

Bug #1069

closed

creating a 100 years valid CA makes this CA cert expires at year 1974

Added by Julien ROLAND over 14 years ago. Updated almost 10 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
-
Start date:
12/04/2010
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

a CA cert, created today, with 36500 days of validity, have the following valid period:

from 2010-12-04 to 1974-10-04

Actions
Copy link
 #1

Updated by Jim Pingle over 14 years ago

  • Status changed from New to Rejected

Sounds like a y2k38 issue (32-bit timestamp rollover), though in this case it's a PHP or OpenSSL bug. We pass the lifetime to the OpenSSL create function specified in days, not a timestamp. The PHP OpenSSL module does the real calculations internally.

This would need to be reported upstream to PHP, unless it also happens when making a certificate with OpenSSL directly, in which case it should be reported to OpenSSL.

Unfortunately there's nothing we can do about it. Just use a duration that would end before the rollover date (03:14:08 UTC on 19 January 2038)

Actions
Copy link
 #2

Updated by Chris Buechler almost 10 years ago

  • Target version deleted (2.0)
Actions
Copy link

Also available in: Atom PDF