Bug #9098: Default CRL lifetime of 9999 rolls over at 2038 on ARM - pfSense - pfSense bugtracker

Bug #9098

Default CRL lifetime of 9999 rolls over at 2038 on ARM

Added by Jim Pingle over 2 years ago. Updated over 2 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Jim Pingle

Category:

Certificates

Target version:

2.4.4-p1

Start date:

11/05/2018

Due date:

% Done:

100%

Estimated time:

Affected Version:

All

Affected Architecture:

ARMv6

Release Notes:

Default

Description

The default lifetime on a CRL is 9999 days, which currently puts it expiring in 2046. On ARM, this seems to lead to a 32-bit rollover as expected in 2038 due to the size of the unix timestamp.

At a minimum we need to cut the default on ARM down to a lower value (10 years should be fine), or lower it for everyone.

Associated revisions

Revision 9aa8f6a8 (diff)
Added by Jim Pingle over 2 years ago

Prevent CRL from using too large a lifetime on ARM. Fixes #9098

Revision e5e2ea27 (diff)
Added by Jim Pingle over 2 years ago

Prevent CRL from using too large a lifetime on ARM. Fixes #9098

(cherry picked from commit 9aa8f6a864905c0e3738c337a51f0772b0c5eb93)

History

#1 Updated by Jim Pingle over 2 years ago

Affected Architecture ARMv6 added
Affected Architecture deleted (~~All~~)

CA and Certs get the correct/expected end date in the data, but the GUI doesn't show the dates. Moved that to #9100

#2 Updated by Jim Pingle over 2 years ago

Status changed from New to Feedback
% Done changed from 0 to 100

Applied in changeset 9aa8f6a864905c0e3738c337a51f0772b0c5eb93.

#3 Updated by Anonymous over 2 years ago

Status changed from Feedback to Resolved

Tested on 2.4.5.a.20181116.1325, works as expected.

Also available in: Atom PDF

Project

General

Profile

pfSense

Issues

Custom queries