Yes, you right! When I build custom OpenSSL for upgrade, it installs package into /usr/local/bin, not /usr/bin. In the /usr/bin/ runs old 0.9.8.
I fixed error by: cd /usr/bin mv openssl openssl-orig-0.9.8 ln -s /usr/local/bin/openssl . Thanks for suggestion, and sorry for disturbing! Please, close this ticket. Maybe, good idea write warning for BSD users. Thanks, Oleg Stephen Henson via RT wrote: > On Wed Apr 08 17:20:33 2015, khova...@gmail.com wrote: >> Hi, >> >> I am using FreeBSD 8.2, 32bits i386, OpenSSL package: >> openssl-1.0.1_18 SSL and crypto library >> >> During certificate generation, I found the bug: >> If request CA-lifespan too long, then expiration date drops into far >> past, and >> CA-certificate is invalid. >> >> Moreover, this is no any error message print, everything works, and >> this >> certicicate signs another client certificates. >> But, when I rtied login with these client certs, I received error: >> ssl_error_expired_cert_alert - Mozilla, Seamonkey >> ssl_error_bad_cert_alert - Chrome >> >> I assume, problem in the signed int overflow. >> >> See bug example following: >> >> If request 10000 days, then expiration date written in 1906! >> > That's strange. Could you somehow be using OpenSSL 0.9.8 to generate that > certificate? That's a known bug on older versions and 32 bits but 1.0.1 > includes its own date routines. I just tried this with a 32 bit build and the > latest 1.0.1 branch and get: > > Validity > Not Before: Apr 11 11:41:26 2015 GMT > Not After : Aug 27 11:41:26 2042 GMT > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev