voltone / x509

Elixir package for working with X.509 certificates, Certificate Signing Requests (CSRs), Certificate Revocation Lists (CRLs) and RSA/ECC key pairs
BSD 3-Clause "New" or "Revised" License

Certificate validity with date >= 2050 failing to encode. #24

Closed mobileoverlord closed 5 years ago

mobileoverlord commented 5 years ago

Hooray, it's 2019! We've hit an issue where 31 year certificates have ending dates in the year 2050. The spec mentions that dates >= 2050 are to use GeneralizedTime instead of UTCTime. This seems to be accounted for in the code here

But fails with the error:

{:error, {:asn1, {{:invalid_choice_type, :generalizedTime}, [{:"OTP-PUB-KEY", :enc_Time, 2, [file: 'OTP-PUB-KEY.erl', line: 12875]}, {:"OTP-PUB-KEY", :enc_Validity, 2, [file: 'OTP-PUB-KEY.erl', line: 12928]}, {:"OTP-PUB-KEY", :enc_OTPTBSCertificate, 2, [file: 'OTP-PUB-KEY.erl', line: 15719]}, {:"OTP-PUB-KEY", :encode, 2, [file: 'OTP-PUB-KEY.erl', line: 1088]}, {:public_key, :der_encode, 2, [file: 'public_key.erl', line: 306]}, {:public_key, :pkix_sign, 2, [file: 'public_key.erl', line: 692]}, {X509.Certificate, :new, 5, [file: 'lib/x509/certificate.ex', line: 83]}, {NervesHubCA, :sign_device_csr, 1, [file: 'lib/nerves_hub_ca.ex', line: 27]}]}}}

voltone commented 5 years ago

Hooray :)

There appears to be a naming inconsistency in :public_key that I hadn't noticed before. It's fixed in c1eb7bb6c280c27f4296809b3e8f1315bcdfb995, which I will publish as v0.5.1 later today.

Thanks for the report!
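
The UTCTime/GeneralizedTime rule discussed in this issue, as an added example (not code from the x509 package or from either commenter): it picks the `Time` alternative per RFC 5280 section 4.1.2.5 and checks the resulting DER tags. The module and function names are hypothetical, inputs are assumed to be UTC `DateTime` values, and the `:generalTime` alternative name is taken from the RFC 5280 ASN.1 module.

```elixir
defmodule ValidityTimeExample do
  # RFC 5280, section 4.1.2.5: validity dates through 2049 are encoded as
  # UTCTime (two-digit year), dates in 2050 or later as GeneralizedTime.
  # In the ASN.1 module the CHOICE is
  #   Time ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime }
  # so the second alternative is named :generalTime, not after its type.

  def to_asn1_time(%DateTime{time_zone: "Etc/UTC", year: year} = dt) when year >= 2050 do
    {:generalTime, dt |> Calendar.strftime("%Y%m%d%H%M%SZ") |> String.to_charlist()}
  end

  # A two-digit UTCTime year maps to 1950..2049, so nothing earlier fits.
  def to_asn1_time(%DateTime{time_zone: "Etc/UTC", year: year} = dt) when year >= 1950 do
    {:utcTime, dt |> Calendar.strftime("%y%m%d%H%M%SZ") |> String.to_charlist()}
  end

  def to_asn1_time(%DateTime{} = dt) do
    raise ArgumentError, "expected a UTC DateTime in 1950 or later, got: #{inspect(dt)}"
  end

  # DER-encodes a Validity record through the same :public_key encoder
  # that appears in the stack trace above (enc_Validity / enc_Time).
  def encode_validity(not_before, not_after) do
    validity = {:Validity, to_asn1_time(not_before), to_asn1_time(not_after)}
    :public_key.der_encode(:Validity, validity)
  end

  # Returns the DER tags of notBefore and notAfter.
  # 0x17 = UTCTime, 0x18 = GeneralizedTime (short-form lengths only).
  def time_tags(<<0x30, _len, t1, l1, _::binary-size(l1), t2, l2, _::binary-size(l2)>>) do
    {t1, t2}
  end
end

# Constructed sample: a 31-year certificate issued at the start of 2019.
not_before = ~U[2019-01-01 00:00:00Z]
not_after = ~U[2050-01-01 00:00:00Z]

IO.inspect(ValidityTimeExample.to_asn1_time(not_before), label: "notBefore")
IO.inspect(ValidityTimeExample.to_asn1_time(not_after), label: "notAfter")
IO.inspect(ValidityTimeExample.to_asn1_time(~U[2049-12-31 23:59:59Z]), label: "last UTCTime second")

der = ValidityTimeExample.encode_validity(not_before, not_after)
IO.inspect(ValidityTimeExample.time_tags(der), label: "DER tags (23 = UTCTime, 24 = GeneralizedTime)")
```

Inside a Mix project, `:public_key` has to be listed under `extra_applications` for the `der_encode/2` call to be available in a release.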