wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0

Wolfssl accepts digital certificates with incorrect expiry date format #6384

Open llmlla opened 1 year ago

llmlla commented 1 year ago

When I used wolfssl for digital certificate validation, I found that wolfssl accepted a digital certificate with the wrong expiry date format. The version I used is wolfssl 4.2.0. Here are the certificates I used: leaf.txt, root.txt

kareem-wolfssl commented 1 year ago

Hi @llmlla,

4.2.0 is extremely outdated and no longer supported; please upgrade to 5.6.0, our latest release, and retry. Your root certs appear to have valid date formats; we do support both UTC and Generalized time. With their expiry dates set far into the future (9999/6566), I do expect them to validate. Your leaf cert appears to have an invalid notBefore date, and I expect it to fail.

Thanks, Kareem
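
The date-format rules behind this exchange, as an added example that is not part of the thread and not wolfSSL's code: RFC 5280 requires UTCTime as `YYMMDDHHMMSSZ` and GeneralizedTime as `YYYYMMDDHHMMSSZ`, and a validator should reject anything else before comparing dates. The function name, tag macros and sample strings are assumptions made for illustration.

```c
/* Added example: RFC 5280 time-format check. Hypothetical names, not wolfSSL API. */
#include <stdio.h>
#include <string.h>

#define TAG_UTC_TIME         0x17   /* ASN.1 universal tag 23 */
#define TAG_GENERALIZED_TIME 0x18   /* ASN.1 universal tag 24 */

/* Read n decimal digits at p; return -1 if any byte is not a digit. */
static int digits(const char *p, int n)
{
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (p[i] < '0' || p[i] > '9') return -1;
        v = v * 10 + (p[i] - '0');
    }
    return v;
}

/* Return 1 if the content bytes form a valid RFC 5280 time, else 0. */
int x509_time_is_valid(int tag, const char *s, size_t len)
{
    static const int mdays[12] = {31,28,31,30,31,30,31,31,30,31,30,31};
    int ylen, year, f[5];   /* f = month, day, hour, minute, second */

    if (tag == TAG_UTC_TIME) ylen = 2;
    else if (tag == TAG_GENERALIZED_TIME) ylen = 4;
    else return 0;
    /* Fixed length, seconds present, mandatory trailing 'Z' */
    if (len != (size_t)ylen + 11 || s[len - 1] != 'Z') return 0;

    if ((year = digits(s, ylen)) < 0) return 0;
    if (ylen == 2) year += (year >= 50) ? 1900 : 2000;  /* RFC 5280 4.1.2.5.1 */
    for (int i = 0; i < 5; i++)
        if ((f[i] = digits(s + ylen + 2 * i, 2)) < 0) return 0;

    int leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    int dim = (f[0] >= 1 && f[0] <= 12) ? mdays[f[0] - 1] + (f[0] == 2 && leap) : 0;
    return f[1] >= 1 && f[1] <= dim && f[2] <= 23 && f[3] <= 59 && f[4] <= 59;
}

int main(void)
{
    /* Constructed sample values, not taken from the attached certificates */
    const char *ok = "99991231235959Z", *bad = "2313011200Z";
    printf("%d %d\n", x509_time_is_valid(TAG_GENERALIZED_TIME, ok, strlen(ok)),
                      x509_time_is_valid(TAG_UTC_TIME, bad, strlen(bad)));
    return 0;
}
```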

llmlla commented 1 year ago

Thanks for the suggestion, I will try the latest version.