PeculiarVentures / asn1-schema

asn1-schema is a collection of TypeScript schemas that make working with common ASN.1 objects easy

Incorrect Validity encoding for Date in 2050 or later #85

Closed microshine closed 1 year ago

microshine commented 1 year ago

See more details https://github.com/PeculiarVentures/x509/issues/36

const validity = new src.Validity({
  notBefore: new Date("2049-12-31T23:59:59Z"),
  notAfter: new Date("2050-01-01T00:00:00Z"),
});
const hex = Buffer.from(AsnConvert.serialize(validity)).toString("hex");
assert.strictEqual(hex, "3020170d3439313233313233353935395a180f32303530303130313030303030305a");

Current implementation uses utcTime always. It's wrong.

RFC5280 Validity 4.1.2.5

CAs conforming to this profile MUST always encode certificate validity dates through the year 2049 as UTCTime; certificate validity dates in 2050 or later MUST be encoded as GeneralizedTime. Conforming applications MUST be able to process validity dates that are encoded in either UTCTime or GeneralizedTime.

microshine commented 1 year ago

Published in @peculiar/asn1-x509@2.3.4
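The encoding rule quoted from RFC 5280 4.1.2.5, as an added example that is not part of the original issue or the project's code: a dependency-free DER encoder for `Validity` that picks the time type by year and reproduces the hex string from the test above. All function names are hypothetical, and using GeneralizedTime for years before 1950 goes beyond the case in the issue (RFC 5280 reads a two-digit UTCTime year as 1950 to 2049, so earlier years do not fit).

```typescript
// Added example; helper names are hypothetical, not the @peculiar/asn1-x509 API.
const TAG_UTC_TIME = 0x17;
const TAG_GENERALIZED_TIME = 0x18;
const TAG_SEQUENCE = 0x30;

function pad(n: number, width: number): string {
  return ("0000" + n).slice(-width);
}

function ascii(s: string): number[] {
  return s.split("").map((c) => c.charCodeAt(0));
}

// DER tag-length-value; short-form length covers everything in a Validity.
function tlv(tag: number, content: number[]): number[] {
  if (content.length > 127) throw new Error("long-form length not implemented");
  return [tag, content.length].concat(content);
}

// UTCTime (YYMMDDHHMMSSZ) only for years 1950-2049; anything else must be
// GeneralizedTime (YYYYMMDDHHMMSSZ), otherwise the two-digit year is misread.
function encodeTime(d: Date): number[] {
  if (isNaN(d.getTime())) throw new Error("invalid date");
  const year = d.getUTCFullYear();
  if (year < 0 || year > 9999) throw new Error("year out of range");
  const rest =
    pad(d.getUTCMonth() + 1, 2) + pad(d.getUTCDate(), 2) +
    pad(d.getUTCHours(), 2) + pad(d.getUTCMinutes(), 2) +
    pad(d.getUTCSeconds(), 2) + "Z";
  if (year >= 1950 && year <= 2049) {
    return tlv(TAG_UTC_TIME, ascii(pad(year % 100, 2) + rest));
  }
  return tlv(TAG_GENERALIZED_TIME, ascii(pad(year, 4) + rest));
}

// Validity ::= SEQUENCE { notBefore Time, notAfter Time }
function encodeValidity(notBefore: Date, notAfter: Date): number[] {
  return tlv(TAG_SEQUENCE, encodeTime(notBefore).concat(encodeTime(notAfter)));
}

function toHex(bytes: number[]): string {
  return bytes.map((b) => ("0" + b.toString(16)).slice(-2)).join("");
}
```

A verifier can apply the same boundary in reverse: a certificate whose `notAfter` is tagged `0x17` but is meant to lie in 2050 or later was produced by an encoder with the bug described in this issue.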