[Pkg-openssl-devel] Bug#449553: openssl: "Not After" date correct on amd64

Ken Ong kmong2 at gmail.com
Thu Jul 2 08:12:13 UTC 2009 

For: -date 1365

        Validity
            Not Before: Jul  2 07:46:41 2009 GMT
            Not After : Mar 28 07:46:41 2013 GMT


For: -date 13650

        Validity
            Not Before: Jul  2 07:55:29 2009 GMT
            Not After : Nov 15 07:55:29 2046 GMT

kong at debian:/etc/ssl$ sudo openssl ca -in debian_test.csr -out
cert_test.pem -keyfile debian_test.key -selfsign -days 13650 -outdir
`pwd`
Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Jul  2 07:55:29 2009 GMT
            Not After : Nov 15 07:55:29 2046 GMT
        Subject:
            countryName               = CA
            stateOrProvinceName       = Prov
            organizationName          = Internet
            commonName                = John
            emailAddress              = test at example.org
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 

82:CE:F3:A2:51:FC:37:06:A5:FB:F8:E2:80:BE:6C:D9:8D:EF:98:86
            X509v3 Authority Key Identifier: 

keyid:82:CE:F3:A2:51:FC:37:06:A5:FB:F8:E2:80:BE:6C:D9:8D:EF:98:86

Certificate is to be certified until Nov 15 07:55:29 2046 GMT (13650
days)



For: -date 136500

        Validity
            Not Before: Jul  2 07:59:12 2009 GMT
            Not After : Mar 24 07:59:12 2383 GMT


kong at debian:/etc/ssl$ sudo openssl ca -in debian_test.csr -out
cert_test.pem -keyfile debian_test.key -selfsign -days 136500 -outdir
`pwd`
Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 2 (0x2)
        Validity
            Not Before: Jul  2 07:59:12 2009 GMT
            Not After : Mar 24 07:59:12 2383 GMT
        Subject:
            countryName               = CA
            stateOrProvinceName       = Prov
            organizationName          = Internet
            commonName                = John
            emailAddress              = test at example.org
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 

82:CE:F3:A2:51:FC:37:06:A5:FB:F8:E2:80:BE:6C:D9:8D:EF:98:86
            X509v3 Authority Key Identifier: 

keyid:82:CE:F3:A2:51:FC:37:06:A5:FB:F8:E2:80:BE:6C:D9:8D:EF:98:86

Certificate is to be certified until Bad time value (136500 days)


Using 136500 days into the future produces a "Bad time value" for the
"Certified until" date but produces the correct "Not After" date. 


Regards,
Ong Ken Ming

More information about the Pkg-openssl-devel mailing list