Hi. I have been using OpenSSL's CA feature, and recently came across a problem in the index.txt file.
This problem is similar to issue #1618, but I have a little more information than is present in that page, so I thought I would comment. Please note that I am using quite an old version of OpenSSL: 0.9.8g. However, since RT issue #1618 is still open, I thought it might still be relevant. I have an the expiry dates in my config set to 14600 days (approx 40 years). Late last year, I issued a certificate which worked ok, but early this year I find I get an error: > entry 166: invalid expiry date This appears to be due to the expiry date of the latest entry in the "index.txt" file having rolled over to the year 2050, which is encoded in a different way (with 2 more characters) than dates in the year 2049. This seems to being parsed incorrectly and so the index.txt file is being treated as invalid. The last couple of lines from the index.txt file are as follows (user details removed, but expiry dates retained): V 491227142029Z A4 unknown /C=../ST=../L=../O=../CN=../emailAddress=.. V 20500101135625Z A5 unknown /C=../ST=../L=../O=../CN=../emailAddress=.. I haven't looked into the code yet, but it seems like it should be a relatively simple fix. Thanks, Daniel Shelton -- Antix Labs Ltd Atlantic House, Imperial Way, Reading, Berkshire RG2 0TD, England. T: +44 (0)118 357 0 357 F: +44 (0)118 357 0 358 E: i...@antixlabs.com W: http://antixlabs.com/ Antix Labs is a limited company registered in England No. 6664221. Registered Office: 4 Bearl Farm, Stocksfield, NE43 7AJ, England. This email is confidential and intended for the use of the recipient only. If you have received this email in error, please inform us immediately and then delete it. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of any organisation or employer. Unless it specifically states otherwise, this email does not form part of a contract. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
