Bug#888426: certtool has year 2k38 problem, giving problems for scripts that generate 20 year certs today
Floris Bos
bos at je-eigen-domein.nl
Thu Jan 25 13:32:45 UTC 2018
Package: gnutls-bin
Version: 3.5.8-5+deb9u3
Severity: important
Hi,
Seems certtool (at least the version shipped with Debian Stretch) has a
year 2038 problem on 32-bit architectures.
We have a program that generates SSL certificates with 20 year validity
for communication within an internal network, and it started failing today.
To reproduce (on i386 arch):
==
$ certtool --generate-privkey --outfile test.key
Generating a 3072 bit RSA private key...
$ cat >test.tpl <<EOF
cn=test
tls_www_server
expiration_days=7300
EOF
$ certtool --generate-self-signed --load-privkey test.key --template test.tpl
Generating a self signed certificate...
Overflow while parsing days
==
Does work if setting date backwards to yesterday.
==
$ sudo date --set '2018-1-24'
Wed 24 Jan 00:00:00 GMT 2018
$ certtool --generate-self-signed --load-privkey test.key --template test.tpl
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 5a67cc853834650f7069e6eb
Validity:
Not Before: Wed Jan 24 00:00:05 UTC 2018
Not After: Thu Dec 31 23:23:23 UTC 2037
[...]
==
Yours sincerely,
Floris Bos
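
Added example, not part of the original report and not GnuTLS code: a checked "now + days" computation on a signed 32-bit seconds counter, showing why 7300 days stops fitting for any start time after 2018-01-24 03:14:07 UTC. It assumes the failure is a plain 32-bit time_t range limit; the helper names and the epoch constants are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400LL

/* Hypothetical helper: add `days` to `now` the way a platform with a signed
 * 32-bit time_t would have to, refusing the request instead of wrapping.
 * Returns 0 and stores the expiry on success, -1 on overflow. */
int expiry_time32(int64_t now, int64_t days, int32_t *expiry)
{
    if (now < 0 || days < 0 || days > INT64_MAX / SECS_PER_DAY)
        return -1;
    int64_t delta = days * SECS_PER_DAY;
    /* INT32_MAX seconds is 2038-01-19 03:14:07 UTC; nothing later fits. */
    if (delta > (int64_t)INT32_MAX - now)
        return -1;
    *expiry = (int32_t)(now + delta);
    return 0;
}

/* Latest start time (epoch seconds) for which `days` of validity still fits.
 * Assumes `days` is small enough that days * 86400 fits in 64 bits. */
int64_t latest_start_time32(int64_t days)
{
    return (int64_t)INT32_MAX - days * SECS_PER_DAY;
}

int main(void)
{
    /* Constructed inputs matching the dates in the report (UTC). */
    const int64_t jan24 = 1516752005; /* 2018-01-24 00:00:05, the Not Before above */
    const int64_t jan25 = 1516887165; /* 2018-01-25 13:32:45, when the report was sent */
    int32_t exp = 0;

    printf("latest start for 7300 days: %lld\n",
           (long long)latest_start_time32(7300));
    printf("2018-01-24: %s\n",
           expiry_time32(jan24, 7300, &exp) == 0 ? "fits" : "overflow");
    printf("2018-01-25: %s\n",
           expiry_time32(jan25, 7300, &exp) == 0 ? "fits" : "overflow");
    return 0;
}
```

Scripts that issue long-lived certificates on 32-bit hosts can run the same check before invoking the tool and alert when the requested validity no longer fits.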