Regression #11504
closed
CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Added by Steve Wheeler almost 4 years ago.
Updated over 3 years ago.
Affected Plus Version:
21.02
Affected Architecture:
SG-1000, SG-3100
Files
- Target version changed from 21.05 to Plus-Next
Looks like this is from the validTo date in the parsed details using a four digit date and the code assumed a two digit date. Looks like it can be either one in certs so I added a check to fall back to the other method. Fix coming shortly.
When applying the patch for this, you will probably need to apply cb17faca3b07197db4b1eb1502a876873ddc222c first and then 16c1d390188f6e1573fe05e4e8cf7cf550fad237
- Status changed from New to Feedback
- % Done changed from 0 to 100
bdaa35dcf31def521ba8c60c0aa9c41bf5005311 is working when applied to 21.02p1 on an SG-3100. The change hasn't made it into the latest development snapshots of pfSense+ so I will leave it open for now.
- Target version changed from Plus-Next to 21.02.2
Needs re-tested on snapshots.
If needed, I have a user-supplied certificate which can replicate the problem and can provide a copy internally (not on Redmine).
Tested on 21.02p1 and it showed as invalid. After updating to latest dev build image (Mar 10), the cert no longer showed as invalid. This was on:
21.05-DEVELOPMENT (arm)
built on Wed Mar 10 01:03:47 EST 2021
FreeBSD 12.2-STABLE
Once a snapshot is available on 21.02p2, I can test on that as well.
Confirmed working on 21.02.2
- Status changed from Feedback to Resolved
- Subject changed from CA/Cert valid end dates after 2038 are invalid on arm32 to CA and certificate validity end dates after 2038 are not handled properly on 32-bit ARM
Updating subject for release notes.
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by .png){kind=link}