Your message dated Sat, 1 Jun 2024 14:05:00 +0200
with message-id <zlsobfc0dfshf...@argenau.bebt.de>
and subject line Re: Bug#888426: certtool has year 2k38 problem, giving
problems for scripts that generate 20 year certs today
has caused the Debian Bug report #888426,
regarding certtool has year 2k38 problem, giving problems for scripts that
generate 20 year certs today
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
888426: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888426
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnutls-bin
Version: 3.5.8-5+deb9u3
Severity: important
Hi,
Seems certtool (at least the version shipped with Debian Stretch) has a
year 2038 problem on 32-bit architectures.
We have a program that generates SSL certificates with 20 year validity
for communication within an internal network, and it started failing today.
To reproduce (on i386 arch):
==
$ certtool --generate-privkey --outfile test.key
Generating a 3072 bit RSA private key...
$ cat >test.tpl <<EOF
cn=test
tls_www_server
expiration_days=7300
EOF
$ certtool --generate-self-signed --load-privkey test.key --template
test.tpl
Generating a self signed certificate...
Overflow while parsing days
==
Does work if setting date backwards to yesterday.
==
$ sudo date --set '2018-1-24'
Wed 24 Jan 00:00:00 GMT 2018
$ certtool --generate-self-signed --load-privkey test.key --template
test.tpl
Generating a self signed certificate...
X.509 Certificate Information:
Version: 3
Serial Number (hex): 5a67cc853834650f7069e6eb
Validity:
Not Before: Wed Jan 24 00:00:05 UTC 2018
Not After: Thu Dec 31 23:23:23 UTC 2037
[...]
==
Yours sincerely,
Floris Bos
--- End Message ---
--- Begin Message ---
Version: 3.8.3-1.1
On 2018-01-25 Floris Bos <b...@je-eigen-domein.nl> wrote:
> Package: gnutls-bin
> Version: 3.5.8-5+deb9u3
> Severity: important
> Hi,
> Seems certtool (at least the version shipped with Debian Stretch) has a year
> 2038 problem on 32-bit architectures.
> We have a program that generates SSL certificates with 20 year validity for
> communication within an internal network, and it started failing today.
> To reproduce (on i386 arch):
> ==
> $ certtool --generate-privkey --outfile test.key
> Generating a 3072 bit RSA private key...
> $ cat >test.tpl <<EOF
> cn=test
> tls_www_server
> expiration_days=7300
> EOF
> $ certtool --generate-self-signed --load-privkey test.key --template
> test.tpl
> Generating a self signed certificate...
> Overflow while parsing days
> ==
> Does work if setting date backwards to yesterday.
> ==
> $ sudo date --set '2018-1-24'
> Wed 24 Jan 00:00:00 GMT 2018
> $ certtool --generate-self-signed --load-privkey test.key --template
> test.tpl
> Generating a self signed certificate...
> X.509 Certificate Information:
> Version: 3
> Serial Number (hex): 5a67cc853834650f7069e6eb
> Validity:
> Not Before: Wed Jan 24 00:00:05 UTC 2018
> Not After: Thu Dec 31 23:23:23 UTC 2037
> [...]
> ==
Hello,
This was generally fixed as part of Debian's 64-bit transition,
https://wiki.debian.org/ReleaseGoals/64bit-time
More specifically this fixed armel, armhf, hppa, m68k, powerpc and sh4.
It was decided to leave i386 unchanged since its main use is as a
compatibility architecture for existing x86 binaries and we could not
both support this usage and switch to 64bit time_t.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
--- End Message ---
