On Wed Apr 08 17:20:33 2015, [email protected] wrote:
> Hi,
>
> I am using FreeBSD 8.2, 32bits i386, OpenSSL package:
> openssl-1.0.1_18 SSL and crypto library
>
> During certificate generation, I found the bug:
> If the requested CA lifespan is too long, the expiration date drops into the far
> past, and the CA certificate is invalid.
>
> Moreover, no error message is printed, everything works, and this
> certificate signs other client certificates.
> But when I tried to log in with these client certs, I received an error:
> ssl_error_expired_cert_alert - Mozilla, Seamonkey
> ssl_error_bad_cert_alert - Chrome
>
> I assume the problem is a signed int overflow.
>
> See the bug example following:
>
> If 10000 days are requested, the expiration date is written as 1906!
>

That's strange. Could you somehow be using OpenSSL 0.9.8 to generate that certificate? That's a known bug on older versions and 32 bits but 1.0.1 includes its own date routines.

I just tried this with a 32 bit build and the latest 1.0.1 branch and get:

        Validity
            Not Before: Apr 11 11:41:26 2015 GMT
            Not After : Aug 27 11:41:26 2042 GMT

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
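
The arithmetic behind the report, as an added example that is not part of either message and is not OpenSSL code: it emulates a signed 32-bit time value wrapping when 10000 days are added, compares it with 64-bit arithmetic, and shows a pre-signing check that rejects an empty validity window. The start timestamp is constructed (2015-04-08 00:00:00 UTC) and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define SECS_PER_DAY 86400LL

/* notAfter computed in 64-bit arithmetic: no wraparound. */
int64_t not_after_64(int64_t now, int64_t days) {
    return now + days * SECS_PER_DAY;
}

/* Same sum truncated to a signed 32-bit value, as a 32-bit time_t would hold it. */
int32_t not_after_wrapped32(int64_t now, int64_t days) {
    uint32_t low = (uint32_t)not_after_64(now, days);   /* modulo 2^32 */
    if (low > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)low - 4294967296LL);
    return (int32_t)low;
}

/* Calendar year (UTC) of a Unix timestamp; valid for negative values too. */
int year_of(int64_t t) {
    int64_t z = t / SECS_PER_DAY - (t % SECS_PER_DAY < 0) + 719468;
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;            /* 0 = March ... 11 = February */
    return (int)(yoe + era * 400 + (mp >= 10));
}

/* Check to run before signing: the validity window must be non-empty. */
int validity_ok(int64_t not_before, int64_t not_after) {
    return not_after > not_before;
}

int main(void) {
    const int64_t now = 1428451200;   /* constructed: 2015-04-08 00:00:00 UTC */
    const int64_t days = 10000;
    int64_t good = not_after_64(now, days);
    int64_t bad = not_after_wrapped32(now, days);
    printf("64-bit: year %d, ok=%d\n", year_of(good), validity_ok(now, good));
    printf("32-bit: year %d, ok=%d\n", year_of(bad), validity_ok(now, bad));
    return 0;
}
```

The wrapped result lands in 1906, the year given in the report, and the 64-bit result lands in 2042, the year in the reply's output.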
