search

haskell-tls / hs-certificate

Certificate and Key Reader/Writer in haskell
60 stars 57 forks source link

Add explicit timezone to times in CRLs #58

Closed DaveCTurner closed 8 years ago

DaveCTurner commented 9 years ago

OpenSSL does not accept times without an explicit timezone. I believe the offending code is:

https://github.com/openssl/openssl/blob/7f3f41d816bb80e362a5978420f59030b3132c81/crypto/x509/x509_vfy.c#L1878

When using a CRL with times without explicit timezones, when verifying a certificate the library returns messages such as:

depth=0 C = GB, ST = England, L = West Yorkshire, ..., UID = 2b7cc0de-060b-4498-84f3-d5232415904f
verify error:num=15:format error in CRL's lastUpdate field
verify return:1
depth=0 C = GB, ST = England, L = West Yorkshire, ..., UID = 2b7cc0de-060b-4498-84f3-d5232415904f
verify error:num=16:format error in CRL's nextUpdate field
verify return:1
depth=1 C = GB, ST = England, L = West Yorkshire, ...
verify error:num=15:format error in CRL's lastUpdate field
verify return:1
depth=1 C = GB, ST = England, L = West Yorkshire, ...
verify error:num=16:format error in CRL's nextUpdate field
verify return:1
DaveCTurner commented 9 years ago

Apologies, I messed up my first commit. Fixed now.

vincenthz commented 8 years ago

Thanks, looking good