search

libressl / portable

LibreSSL Portable itself. This includes the build scaffold and compatibility layer that builds portable LibreSSL from the OpenBSD source code. Pull requests or patches sent to tech@openbsd.org are welcome.
https://www.libressl.org
1.35k stars 269 forks source link

format error in certificate's notBefore/notAfter field #472

Closed jbwdevries closed 4 years ago

jbwdevries commented 5 years ago

When I sign a certificate with -startdate and -enddate, the x509 tool parses it just fine, but the s_client tool gives an error with either

format error in certificate's notBefore field

or

format error in certificate's notAfter field

This also prevents applications that depend on this library to connect to the servers using them. At the moment, this is preventing us from using Alpine as a base, since that uses LibreSSL.

I'm a little lost in this code base, but I might be able to provide a patch with some pointers.

jbwdevries commented 5 years ago

I made a test case available. The setup script s here: https://pastebin.com/BGXVrFaF

After that, simply run

./apps/openssl/openssl s_server -key cakey.pem -cert ca.crt

in the background, and then run

./apps/openssl/openssl s_client -connect localhost:4433 -CAfile ca.crt

Using the OpenSSL client, I get

Verify return code: 0 (ok)

Using LibreSSL I get

Verify return code: 14 (format error in certificate's notAfter field)
busterb commented 5 years ago

Here is a similar recent discussion https://marc.info/?l=libressl&m=154470637624683&w=4

An issue with ASN.1 encoding using GENERALIZEDTIME instead of UTCTIME here as well? What did OPENSSL point to in your setup script when you generated the certificate?

jbwdevries commented 5 years ago

Apparently openssl generates the notBefore as GeneralizedTime, using libressl as generator generates it as UTCTime before 2050, and GeneralizedTime after that. This also means the time cannot be generated as before 1950.

I don't have a problem with the times being generated as UTC, but is there a reason why it is invalid to use GeneralizedTime? openssl seems to validate it just fine, is that a security risk?

jbwdevries commented 5 years ago

I made a commit that would fix this issue for me:

https://github.com/jbwdevries/openbsd/commit/405a4a7f3e60310095d7ef244e69d9acccc12322

Should I make a MR for this? Or should it be a patch?

busterb commented 5 years ago

Since the openbsd repo is just a mirror subset of OpenBSD's CVS repo, we cannot accept PRs there.

Send the patch to tech@openbsd.org.

FlorianHeigl commented 4 years ago

did this patch ever arrive & get included so the issue could be closed (and people would know which openssl version they could get to work around the issue)

jbwdevries commented 4 years ago

I posted on the mailing list, and was told they would not accept this patch.

bob-beck commented 4 years ago

This is fixed in current releases of libressl. The patch wasn't accepted because it wasn't the right way to fix it

Using the submitters own test case: 

rocinante$ ./test.sh
Generating RSA private key, 2048 bit long modulus
....................................................................+++++
........................+++++
e is 65537 (0x10001)
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :ASN.1 12:'NY'
localityName          :ASN.1 12:'NY'
organizationName      :ASN.1 12:'Example Ltd.'
organizationalUnitName:ASN.1 12:'IT'
commonName            :ASN.1 12:'localhost'
emailAddress          :IA5STRING:'localhost@example.com'
Certificate is to be certified until Feb 14 12:00:00 2025 GMT

Write out database with 1 new entries
Data Base Updated
rocinante$ openssl s_server -key ca
ca.crt     ca.csr     cakey.pem  
rocinante$ openssl s_server -key cakey.pem -cert ca.crt                                                 
Using auto DH parameters
Using default temp ECDH parameters
ACCEPT
^Z[1] + Suspended            openssl s_server -key cakey.pem -cert ca.crt 
rocinante$ bg
[1] openssl s_server -key cakey.pem -cert ca.crt 
rocinante$ openssl s_client -connect localhost:4433 -CAfile ca.crt
CONNECTED(00000003)
depth=0 CN = localhost, ST = NY, C = US, emailAddress = localhost@example.com, O = Example Ltd., OU = IT
verify return:1
-----BEGIN SSL SESSION PARAMETERS-----
---
Certificate chain
 0 s:/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
   i:/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQQFADB4MRIwEAYDVQQDDAlsb2Nh
bGhvc3QxCzAJBgNVBAgMAk5ZMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYV
bG9jYWxob3N0QGV4YW1wbGUuY29tMRUwEwYDVQQKDAxFeGFtcGxlIEx0ZC4xCzAJ
BgNVBAsMAklUMB4XDTE1MDIxNDEyMDAwMFoXDTI1MDIxNDEyMDAwMFoweDESMBAG
A1UEAwwJbG9jYWxob3N0MQswCQYDVQQIDAJOWTELMAkGA1UEBhMCVVMxJDAiBgkq
hkiG9w0BCQEWFWxvY2FsaG9zdEBleGFtcGxlLmNvbTEVMBMGA1UECgwMRXhhbXBs
ZSBMdGQuMQswCQYDVQQLDAJJVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOIPJUuRXWw0oNJb8kYWgwvRztJvamFQgv/no+t+ZPt7mROm3NCBO6BzGiJg
NMmtueTnKnJS5Izdca7ECP07yDa3+Ob/ugCX9CnaBB0vVdo9c9D7z0IBWAhzTxOq
/QwVhRA6R8wie6+R5FkXdqpBWiQSI24+wmcWToAj0H0kwb5Lu5Ksxll3d3lpWF3t
vs9zjzdfhf5ZNXZVmTMxe9bs5N8vO11CiBCHQuv4fOZUSqAJcocLtZ8ndSOY0xfN
K7hRRmxAinkJR2e/9F4UPD2oXzs5h6mPs7/rdkBazCUDdACWDhT71t2aezCNd05B
CMIWmbD6HoA5FnvrC6DY8gs2zDcCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG
9w0BAQQFAAOCAQEASgHKgC1dfd6unXQqrO5mBEtkryTBlqMhHaszeKetyUd+vqC/
YVCCKknToUOZ2q8aruGkTtC95+J/LIMD4a0szCUjEcFMM6PWDgY2kNS5xDopKEqx
QmjOpQVmZOAl/emZXtwi/YYkhy2PPtUugzNuUAp/svEd6v44WotVJ9LcJSG6EVil
6o3hJJKP5Pu1HizV5aTIyc/cmNrjdvDMxCYZdyx97QMtE1x7jOPcBYnpOplem1MF
yDSZLPba42ZvhGQ+oJ2T66m81ISO0vnYdThITVnQVNK0Qj8A8elKEIEnMKV6qsIb
GDm8Hgh8F7vZzRulryJUcG7vC6Gy5XWuRLPi8Q==
-----END CERTIFICATE-----
subject=/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
issuer=/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1544 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 92C7A05ECBF8C63F5E39003FFB8414F43F8C472374B4C577CD38FF14CFB68240
    Session-ID-ctx: 
    Master-Key: 0AC1C441F8002A3C6F9024D6865A7A8A2C3ED7F99CB9D51322144C9B6599E179BE76CF8765A36767B61DB6DED18F9633
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 19 72 b7 d9 98 fa 27 2b-0a d2 a3 1c f7 11 5c 8f   .r....'+......\.
    0010 - 93 c3 4f 4b 95 98 88 3a-67 33 e8 9d 0d d3 56 ae   ..OK...:g3....V.
    0020 - 4f c6 a3 f3 23 32 c5 8c-e4 6e eb a0 73 c8 2a 07   O...#2...n..s.*.
    0030 - 1b 84 63 1a 1f f2 ba 66-46 0f 87 f3 5a 15 be f3   ..c....fF...Z...
    0040 - c4 89 67 37 8b 06 07 e9-a5 07 b1 ca 81 a9 08 40   ..g7...........@
    0050 - 32 d2 c8 a1 86 df 2b 14-db 9d f9 29 2c 5b 99 d9   2.....+....),[..
    0060 - 1f 78 1c 19 52 84 ac e2-82 20 11 13 4a fe 65 68   .x..R.... ..J.eh
    0070 - 57 e0 d8 9a 77 5d 8a ee-52 ea 41 d6 be 3a a1 5e   W...w]..R.A..:.^
    0080 - 93 68 c8 3d 67 95 f1 5d-9c 44 57 9b 23 e0 fa 07   .h.=g..].DW.#...
    0090 - 3c b8 5e 9a e8 2b 70 c4-78 19 98 b0 c7 aa 3a 3e   <.^..+p.x.....:>

    Start Time: 1573708516
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
MFUCAQECAgMDBALAMAQABDAKwcRB+AAqPG+QJNaGWnqKLD7X+Zy51RMiFEybZZnh
eb52z4dlo2dnth223tGPljOhBgIEXczi5KIEAgIcIKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:GOST2012256-GOST89-GOST89:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:GOST2001-GOST89-GOST89:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

In short It works fine with libressl.

It is possible if you are using a non libressl version of the "openssl" command, it will generate an inccorrectly formatted notAfter date which is not RFC complant.

bob-beck commented 4 years ago

Of note, I believe the issue at hand was fixed in LibreSSL in 2017 with this commit to "ca.c"

revision 1.24 date: 2017/05/04 12:36:13; author: beck; state: Exp; lines: +56 -16; commitid: 8GUvw2hiOaHAq9Cs; Fix the ca command so that certs it generates have RFC5280 conformant time. Problem noticed by Harald Dunkel harald.dunkel@aixigo.de

bob-beck commented 4 years ago

And just to make sure, I also checked using your provided test script with the current version of OpenSSL. When I use openssl 1.1.1's version of the "openssl" command in your ca script, it also generates correct certificates, and works, using libressl to do the server and client with the generated certificate: 

rocinante# ./test.sh
Generating RSA private key, 2048 bit long modulus (2 primes)
......+++++
.......+++++
e is 65537 (0x010001)
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :ASN.1 12:'NY'
localityName          :ASN.1 12:'NY'
organizationName      :ASN.1 12:'Example Ltd.'
organizationalUnitName:ASN.1 12:'IT'
commonName            :ASN.1 12:'localhost'
emailAddress          :IA5STRING:'localhost@example.com'
Certificate is to be certified until Feb 14 12:00:00 2025 GMT (1919 days)

Write out database with 1 new entries
Data Base Updated
rocinante# openssl s_server -key cakey.pem -cert ca.crt               
Using auto DH parameters
Using default temp ECDH parameters
ACCEPT
^Z[2] + Suspended            openssl s_server -key cakey.pem -cert ca.crt 
rocinante# bg
[2] openssl s_server -key cakey.pem -cert ca.crt 
rocinante# openssl s_client -connect localhost:4433 -CAfile ca.crt
CONNECTED(00000003)
depth=0 CN = localhost, ST = NY, C = US, emailAddress = localhost@example.com, O = Example Ltd., OU = IT
verify return:1
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDB3El6A4dB5pvdD2gRlysQ4ei/ylW8SS7ycisSEU9oy
tE1pGjtdY1GCP52gVk4PGNuhBgIEXczrN6IEAgIcIKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:GOST2012256-GOST89-GOST89:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:GOST2001-GOST89-GOST89:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
---
Certificate chain
 0 s:/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
   i:/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQQFADB4MRIwEAYDVQQDDAlsb2Nh
bGhvc3QxCzAJBgNVBAgMAk5ZMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYV
bG9jYWxob3N0QGV4YW1wbGUuY29tMRUwEwYDVQQKDAxFeGFtcGxlIEx0ZC4xCzAJ
BgNVBAsMAklUMB4XDTE1MDIxNDEyMDAwMFoXDTI1MDIxNDEyMDAwMFoweDESMBAG
A1UEAwwJbG9jYWxob3N0MQswCQYDVQQIDAJOWTELMAkGA1UEBhMCVVMxJDAiBgkq
hkiG9w0BCQEWFWxvY2FsaG9zdEBleGFtcGxlLmNvbTEVMBMGA1UECgwMRXhhbXBs
ZSBMdGQuMQswCQYDVQQLDAJJVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+Cn7JLDHuoINhbDE5wITjjrBS/rEnYzF1oria35M6NkeQhC2h5SyGO1EUx
zq/m/cpoWDfz/UpAAuysEaTGnuYq16Ib1Co7laNl7MJb0CqGne1BI/582iOkERoz
QA0w2S38/vtmku5qqHPAS5zgGrYaCr0u377KaAUMgDmZiZVoqNSV0wJfrtMy41Gp
u8izL3zHwQv+Zq2Zdntwj7A4wx0jbRlK231Nb94smPSaIw2z12rYsLpRuWiIBSkw
MRCWXxeneCOKtAaDi2Zjcm/3krQTDsMQciakSMeALbYdueOt83DNUqIjIKKgMCzN
ijhs3Gvm0mTuxw2GCsJ7WV7OUhUCAwEAAaMNMAswCQYDVR0TBAIwADANBgkqhkiG
9w0BAQQFAAOCAQEAS53yRMuB1MiDKpGtOJQnTMnKaNd4hmEY06OPS1k0ifDpfiYn
tV80pPqOeVk7FMmVJ1dRFSLGq37grAsI23QjmS2ATkQSzaV1JPhJxLJ+bcLmq5sq
w+NgmUAWq80s7Z1/YR5pJoI+X3vYr4mYS2tSaNFYaIapNoakoMeOWgpzTDpKcfdG
/rX4KCwygZFKMEq3veiBoNPq23ZaBazblXnRLfV4KN2eCBI5OB64xBYjoDW8ULHY
Ueb1AF77mCq8p41MWP0UKE9qKXKaJnIYYq9rLeVzyKqyv+4iTAf541o3GmJVfCIq
jS2zVamB8e/U1ku4XHv5B6RL8w+vKWGcB7x+zg==
-----END CERTIFICATE-----
subject=/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
issuer=/CN=localhost/ST=NY/C=US/emailAddress=localhost@example.com/O=Example Ltd./OU=IT
---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1544 bytes and written 318 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 73811A48D93C59E8FC4338E9EE517644853C706970CF414722B3A54FC2EBD1F5
    Session-ID-ctx: 
    Master-Key: 77125E80E1D079A6F743DA0465CAC4387A2FF2956F124BBC9C8AC48453DA32B44D691A3B5D6351823F9DA0564E0F18DB
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - ff 40 09 64 35 5b 05 3a-7d 35 df 24 2c 13 53 7b   .@.d5[.:}5.$,.S{
    0010 - 2e b7 be 09 a4 59 b4 27-00 4e 73 38 93 22 a2 8f   .....Y.'.Ns8."..
    0020 - 20 ed 59 38 07 a3 21 4c-4d ee c4 a2 a2 e6 bb 24    .Y8..!LM......$
    0030 - ce 28 3a 4f 39 0e eb af-c0 08 f3 93 8c ce b6 b3   .(:O9...........
    0040 - ff 18 43 d0 c5 1a 64 bb-06 15 c0 c1 79 4c 11 52   ..C...d.....yL.R
    0050 - fa 0b 65 fe 22 c4 b1 31-9d 68 c8 b6 5a 2b c5 a3   ..e."..1.h..Z+..
    0060 - 91 8f a9 9b 98 e2 fb 40-4c b4 68 22 cc 36 bb 8b   .......@L.h".6..
    0070 - 7e 13 90 92 4b ea 48 44-52 c2 b4 a4 bd ff 7e 4c   ~...K.HDR.....~L
    0080 - dc 5b 5d d0 5e de a9 53-58 04 75 cf 63 36 c0 69   .[].^..SX.u.c6.i
    0090 - 05 c2 0c 7b 86 92 6c de-99 7e d7 d6 a2 7e a0 10   ...{..l..~...~..

    Start Time: 1573710647
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

So again, I believe in your original submission, you either had a pre-2017 version of libressl as "openssl" from before we fixed this, or an old version of OpenSSL's "openssl" command before they fixed this.

bob-beck commented 4 years ago

I believe this should be correct in any reasonably modern version of either library, which means if you are running something old, you probably shouldn't, you'll have other problems far more serious than this.

hippi-viking commented 4 years ago

Hello,

I am having a similar format error issue in the notBefore field of the current Riseup CA file with LibreSSL 3.0.2 under OPNSense: VERIFY ERROR: depth=1, error=format error in certificate's notBefore field: CN=Riseup Networks, O=Riseup Networks, L=Seattle, ST=WA, C=US, emailAddress=collective@riseup.net

Upon first look (with openssl) it looks alright and RFC 5280 compliant: notBefore=Jan 2 20:25:40 2016 GMT notAfter=Mar 30 20:26:01 2026 GMT

Could anyone please help to spot the error with this certificate (or LibreSSL itself)?

kinichiro commented 4 years ago

@hippi-viking

RFC 5280 4.1.2.5. says "CAs conforming to this profile MUST always encode certificate validity dates through the year 2049 as UTCTime; certificate validity dates in 2050 or later MUST be encoded as GeneralizedTime."

Your certificate's notBefore and notAfter are under year 2049 but formatted as GeneralizedTime.

$ openssl asn1parse -in RiseupCA.pem
... (snip) ...
  175:d=2  hl=2 l=  34 cons: SEQUENCE
  177:d=3  hl=2 l=  15 prim: GENERALIZEDTIME   :20160102202540Z
  194:d=3  hl=2 l=  15 prim: GENERALIZEDTIME   :20260330202601Z
  211:d=2  hl=3 l= 134 cons: SEQUENCE
... (snip) ...
hippi-viking commented 4 years ago

@kinichiro

Thank you for your response! You have a valid point but please note that RFC 5280 4.1.2.5. also states just below your reference:

Conforming applications MUST be able to process validity dates that are encoded in either UTCTime or GeneralizedTime.

I think RFC 5280 is a bit vague/contradictory in this matter.

kinichiro commented 4 years ago

@hippi-viking

My personal thoughts,

hippi-viking commented 4 years ago

@kinichiro

You are of course right, in my view the authors of the RFC meant to include a fall-back mechanism in the system (for example for certificates created before the RFC itself): the correct way was to use UTCTime in the certificates before and throughout the year 2049 and GeneralizedTime after that BUT the applications must (should) accept both formats nontheless accounting for non-conformant certficiates (like ones created before the RFC). This is only speculation though and relevant only until the certificates created before the RFC expire. Do you think a temporary fix would make sense until this happens?

bob-beck commented 4 years ago

Works correctly with any modern software. if your stuff is old or broken, the thing generating the certificate should be fixed.