wolfgangw / backports

Deep inspection of digital cinema packages

Check validity of (CPL) signing certificate #104

Closed matmat closed 8 months ago

matmat commented 8 months ago

Maybe this is already done? Tried to look at the source but could not find anything specifically for this, but my Ruby-fu is limited :)

Anyways, would be nice to have, judging from what recently happened:

http://www.film-tech.com/vbb/forum/main-forum/34652-the-y2k24-bug-major-digital-outage-today
http://www.film-tech.com/vbb/forum/main-forum/34644-wonka-ftr-3-cpl-with-expired-certificates
http://www.film-tech.com/vbb/forum/main-forum/34667-deluxe-certificate-expiration-unable-to-verify-content-error
http://www.film-tech.com/vbb/forum/main-forum/34646-wonka-movie-and-cpl-certificate-issues
http://www.film-tech.com/vbb/forum/main-forum/26517-dolby-doremi-legacy-products-cert-expiration-and-year-2024-issue
https://www.theverge.com/2024/1/1/24021915/alamo-drafthouse-outage-sony-projector

wolfgangw commented 8 months ago

Oh my, yes, this is an unfortunate omission. It's been in CTP's Certificate Decoder Behaviour section forever, dcp_inspect asleep-at-the-wheel. Update is coming.

Right now, venue people who worry about what's in their libraries, can use Ymagis' ClairMeta - their checks include the 2.2.6. Validity Date Check.

wolfgangw commented 8 months ago

Latest (fe8fc150dad968eddb761743fb534ed10ae6f754) is reporting errors for expired certs.

This is merely a rough patch to get out the door fast. Needs a bunch of refinements. But it screams about the issue which is all that matters right now, I reckon.

matmat commented 8 months ago

Thank you for this important addition!

wolfgangw commented 8 months ago

I've added a Siginfo section to the concluding output, which will list expiry information for all not-yet expired certs. It's in the default verbosity. Can be singled out via -v siginfo or, as it were, combined with other verbosity cutouts.

wolfgangw commented 8 months ago

Moved the info about expired certificates to Siginfo. Please see bee420856f9ec56e61be246e9326439e803f5c0f for the reason.

wolfgangw commented 8 months ago

See the change in DCI's Jan 3rd 2024 release of DCSS 1.4.4 section 9.4.3.5 for "official" language on the matter. This is a good change, it clarifies the uncertainty. Note the remark on the relation between CPL IssueDate and the signer cert's validity range.
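
Added example, not part of the thread and not dcp_inspect's own code: a Ruby illustration of the check discussed above, reporting for each certificate in a CPL's signer chain whether it is expired at a given time and whether the CPL IssueDate lies inside its validity range. The names `make_cert`, `parse_cpl` and `siginfo` are hypothetical, the certificates and the minimal CPL are constructed, the regexp extraction stands in for a real XML parser, and no signature or chain verification is done; which result counts as an error is left to the spec.

```ruby
require 'openssl'
require 'time'
# Constructed self-signed certificate with a chosen validity window (sample data only).
def make_cert(cn, not_before, not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = not_before
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new('SHA256')) # returns the certificate
end

# Pull IssueDate and the base64 DER certificates out of the CPL text.
def parse_cpl(xml)
  issue = Time.iso8601(xml[%r{<IssueDate>(.*?)</IssueDate>}, 1])
  certs = xml.scan(%r{<ds:X509Certificate>(.*?)</ds:X509Certificate>}m).flatten
  [issue, certs.map { |b64| OpenSSL::X509::Certificate.new(b64.unpack1('m')) }]
end

# One record per certificate: state at `now`, whole days until notAfter
# (negative once expired), and whether IssueDate is inside notBefore..notAfter.
def siginfo(xml, now)
  issue, certs = parse_cpl(xml)
  certs.map do |c|
    state = if now > c.not_after then :expired
            elsif now < c.not_before then :not_yet_valid
            else :valid end
    { subject: c.subject.to_s, state: state,
      days_left: ((c.not_after - now) / 86_400).floor,
      issue_date_in_range: (c.not_before..c.not_after).cover?(issue) }
  end
end

# Constructed sample: the leaf's validity ends 2024-01-01, the CA's in 2034.
leaf = make_cert('constructed-leaf', Time.utc(2014, 1, 1), Time.utc(2024, 1, 1))
ca   = make_cert('constructed-ca', Time.utc(2014, 1, 1), Time.utc(2034, 1, 1))
SAMPLE_CPL = <<~XML
  <CompositionPlaylist><IssueDate>2023-11-20T10:00:00+00:00</IssueDate>
    <ds:Signature><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>#{[leaf.to_der].pack('m0')}</ds:X509Certificate>
      <ds:X509Certificate>#{[ca.to_der].pack('m0')}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></ds:Signature>
  </CompositionPlaylist>
XML

siginfo(SAMPLE_CPL, Time.utc(2024, 1, 2)).each { |rec| puts rec }
```

Evaluating the same CPL at two different times shows why a package that passed inspection at ingest can start failing later without any change to its files.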