Bug#888426: certtool has year 2k38 problem, giving problems for scripts that generate 20 year certs today

2018-02-18 Thread Nikos Mavrogiannopoulos 
No good solution to that, but given that we depend on glibc's time_t, we
are tied to it solving the issue. The issue is tracked at:
https://gitlab.com/gnutls/gnutls/issues/370

On Sun, Feb 18, 2018 at 2:12 PM Andreas Metzler  wrote:

> Control: found -1 3.6.2-1
> Control: found -1 3.5.18-1
>
> On 2018-01-25 Floris Bos  wrote:
> > Package: gnutls-bin
> > Version: 3.5.8-5+deb9u3
> > Severity: important
>
> > Hi,
>
> > Seems certtool (at least the version shipped with Debian Stretch) has a
> year
> > 2038 problem on 32-bit architectures.
> [...]
>
> Confirmed on i386/sid and experimental.
>
>

Bug#888426: certtool has year 2k38 problem, giving problems for scripts that generate 20 year certs today

2018-02-18 Thread Andreas Metzler 
Control: found -1 3.6.2-1
Control: found -1 3.5.18-1

On 2018-01-25 Floris Bos  wrote:
> Package: gnutls-bin
> Version: 3.5.8-5+deb9u3
> Severity: important

> Hi,

> Seems certtool (at least the version shipped with Debian Stretch) has a year
> 2038 problem on 32-bit architectures.
[...]

Confirmed on i386/sid and experimental.

Bug#888426: certtool has year 2k38 problem, giving problems for scripts that generate 20 year certs today

2018-01-25 Thread Floris Bos 

Package: gnutls-bin
Version: 3.5.8-5+deb9u3
Severity: important


Hi,

Seems certtool (at least the version shipped with Debian Stretch) has a 
year 2038 problem on 32-bit architectures.
We have a program that generates SSL certificates with 20 year validity 
for communication within an internal network, and it started failing today.


To reproduce (on i386 arch):

==
$ certtool --generate-privkey --outfile test.key
Generating a 3072 bit RSA private key...
$ cat >test.tpl <$ certtool --generate-self-signed --load-privkey test.key --template 
test.tpl

Generating a self signed certificate...
Overflow while parsing days
==


Does work if setting date backwards to yesterday.

==
$ sudo date --set '2018-1-24'
Wed 24 Jan 00:00:00 GMT 2018
$ certtool --generate-self-signed --load-privkey test.key --template 
test.tpl

Generating a self signed certificate...
X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 5a67cc853834650f7069e6eb
    Validity:
    Not Before: Wed Jan 24 00:00:05 UTC 2018
    Not After: Thu Dec 31 23:23:23 UTC 2037
[...]
==


Yours sincerely,

Floris Bos