haskell-tls / hs-certificate

Certificate and Key Reader/Writer in haskell

parseCertHeaderValidity cannot handle GeneralizedTime #10

Closed clinty closed 11 years ago

clinty commented 12 years ago

The case in parseCertHeaderValidity expects [ UTCTime t1, UTCTime t2 ], but sometimes a conformant certificate uses GeneralizedTime instead. Please handle these cases.

vincenthz commented 12 years ago

As I haven't encountered one of these, please provide an example certificate. Even better if you can provide the ASN.1-decoded version (using openssl for example):

openssl asn1parse -i < my-certificate-with-generalized-time

vincenthz commented 12 years ago

I've also pushed cd53aeb to handle this. Instead of providing the previous step, you can just confirm that the commit fixes your problem.

clinty commented 12 years ago

FTR, here is such a cert (generated with certtool 3.0.20).


cd53aeb does make the validity error go away.

vincenthz commented 11 years ago

Thanks, it's now part of certificate 1.2.7.
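
The parsing issue discussed in this thread, as an added example that is not part of the original thread and is not hs-certificate code: a minimal Python decoder for the X.509 Validity field that accepts either member of the Time CHOICE, UTCTime (tag 0x17) or GeneralizedTime (tag 0x18), and rejects anything else. The function names and both sample byte strings are constructed for illustration.

```python
from datetime import datetime, timezone

SEQUENCE, UTC_TIME, GENERALIZED_TIME = 0x30, 0x17, 0x18

def read_tlv(buf, pos=0):
    """Read one DER TLV with a short-form length; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length & 0x80 or end > len(buf):
        raise ValueError("unsupported length form or truncated value")
    return tag, buf[pos + 2:end], end

def parse_time(tag, value):
    """Decode the Time CHOICE: UTCTime (2-digit year) or GeneralizedTime (4-digit)."""
    text = value.decode("ascii")
    if tag == UTC_TIME and len(text) == 13:
        yy = int(text[:2])  # RFC 5280: YY >= 50 means 19YY, otherwise 20YY
        text = ("19" if yy >= 50 else "20") + text
    elif tag != GENERALIZED_TIME:
        raise ValueError(f"not a Time value (tag 0x{tag:02x}, length {len(text)})")
    # Both forms are now YYYYMMDDHHMMSSZ; reject fractions and offsets.
    if len(text) != 15 or not text[:14].isdigit() or text[14] != "Z":
        raise ValueError("Time must be YYYYMMDDHHMMSSZ with no fraction or offset")
    return datetime.strptime(text[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_validity(der):
    """Parse Validity ::= SEQUENCE { notBefore Time, notAfter Time }."""
    tag, body, end = read_tlv(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected a single Validity SEQUENCE")
    t1, v1, pos = read_tlv(body)
    t2, v2, pos = read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("trailing data after notAfter")
    return parse_time(t1, v1), parse_time(t2, v2)

# Constructed samples: the same validity period in each encoding.
SAMPLE_GENERALIZED = (b"\x30\x22" + b"\x18\x0f" + b"20120904185543Z"
                      + b"\x18\x0f" + b"20220905185543Z")
SAMPLE_UTC = (b"\x30\x1e" + b"\x17\x0d" + b"120904185543Z"
              + b"\x17\x0d" + b"220905185543Z")

if __name__ == "__main__":
    for name, der in (("GeneralizedTime", SAMPLE_GENERALIZED), ("UTCTime", SAMPLE_UTC)):
        not_before, not_after = parse_validity(der)
        print(name, not_before.isoformat(), not_after.isoformat())
```

A parser that matches only on the UTCTime tag fails on the first sample even though both samples describe the same validity window.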