Bug#888426: certtool has year 2k38 problem, giving problems for scripts that generate 20 year certs today
No good solution to that, but given that we depend on glibc's time_t, we are tied to it solving the issue. The issue is tracked at: https://gitlab.com/gnutls/gnutls/issues/370 On Sun, Feb 18, 2018 at 2:12 PM Andreas Metzlerwrote: > Control: found -1 3.6.2-1 > Control: found -1 3.5.18-1 > > On 2018-01-25 Floris Bos wrote: > > Package: gnutls-bin > > Version: 3.5.8-5+deb9u3 > > Severity: important > > > Hi, > > > Seems certtool (at least the version shipped with Debian Stretch) has a > year > > 2038 problem on 32-bit architectures. > [...] > > Confirmed on i386/sid and experimental. > >
Bug#888426: certtool has year 2k38 problem, giving problems for scripts that generate 20 year certs today
Control: found -1 3.6.2-1 Control: found -1 3.5.18-1 On 2018-01-25 Floris Boswrote: > Package: gnutls-bin > Version: 3.5.8-5+deb9u3 > Severity: important > Hi, > Seems certtool (at least the version shipped with Debian Stretch) has a year > 2038 problem on 32-bit architectures. [...] Confirmed on i386/sid and experimental.
Bug#888426: certtool has year 2k38 problem, giving problems for scripts that generate 20 year certs today
Package: gnutls-bin Version: 3.5.8-5+deb9u3 Severity: important Hi, Seems certtool (at least the version shipped with Debian Stretch) has a year 2038 problem on 32-bit architectures. We have a program that generates SSL certificates with 20 year validity for communication within an internal network, and it started failing today. To reproduce (on i386 arch): == $ certtool --generate-privkey --outfile test.key Generating a 3072 bit RSA private key... $ cat >test.tpl <$ certtool --generate-self-signed --load-privkey test.key --template test.tpl Generating a self signed certificate... Overflow while parsing days == Does work if setting date backwards to yesterday. == $ sudo date --set '2018-1-24' Wed 24 Jan 00:00:00 GMT 2018 $ certtool --generate-self-signed --load-privkey test.key --template test.tpl Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 5a67cc853834650f7069e6eb Validity: Not Before: Wed Jan 24 00:00:05 UTC 2018 Not After: Thu Dec 31 23:23:23 UTC 2037 [...] == Yours sincerely, Floris Bos