Regression #11504
closed
CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
100%
Description
The expiry date rolls over and is shown as some time in that past. pfSense see it as expired/invalid. See attachment.
This looks like a regression since: https://redmine.pfsense.org/issues/9100
Files
.png){kind=link}
Updated by Jim Pingle about 3 years ago
- Target version changed from 21.05 to Plus-Next
Looks like this is from the validTo date in the parsed details using a four digit date and the code assumed a two digit date. Looks like it can be either one in certs so I added a check to fall back to the other method. Fix coming shortly.
Updated by Jim Pingle about 3 years ago
When applying the patch for this, you will probably need to apply cb17faca3b07197db4b1eb1502a876873ddc222c first and then 16c1d390188f6e1573fe05e4e8cf7cf550fad237
Updated by Jim Pingle about 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset pfsense:bdaa35dcf31def521ba8c60c0aa9c41bf5005311.
Updated by Max Leighton about 3 years ago
bdaa35dcf31def521ba8c60c0aa9c41bf5005311 is working when applied to 21.02p1 on an SG-3100. The change hasn't made it into the latest development snapshots of pfSense+ so I will leave it open for now.
Updated by Jim Pingle about 3 years ago
- Target version changed from Plus-Next to 21.02.2
Needs re-tested on snapshots.
If needed, I have a user-supplied certificate which can replicate the problem and can provide a copy internally (not on Redmine).
Updated by Marcos M about 3 years ago
Tested on 21.02p1 and it showed as invalid. After updating to latest dev build image (Mar 10), the cert no longer showed as invalid. This was on:
21.05-DEVELOPMENT (arm) built on Wed Mar 10 01:03:47 EST 2021 FreeBSD 12.2-STABLE
Once a snapshot is available on 21.02p2, I can test on that as well.
Updated by Jim Pingle about 3 years ago
- Status changed from Feedback to Resolved
Updated by Jim Pingle about 3 years ago
- Subject changed from CA/Cert valid end dates after 2038 are invalid on arm32 to CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Updating subject for release notes.