Bug#862335: closed by Sebastian Andrzej Siewior (Re: Bug#862335: openssl creates and accepts certificates with bad notAfter field)

It has been fixed in libressl and openssl 1.1.1, so I am fine. I rely upon your expertise that the problem doesn't have to be fixed in 1.1.0. Thanx for your support Harri

Bug#862335: openssl creates and accepts certificates with bad notAfter field

Please don't underestimate this problem. openssl creates bad certificates here without telling. It is *highly* annoying if you are affected by a bad root certificate you already used for setting up a private PKI and then detect the problem on a platform with a better ssl implementation. I would

Bug#862335: openssl creates and accepts certificates with bad notAfter field

On Thu, 11 May 2017 18:42:17 +0200 Kurt Roeckx wrote: > On Thu, May 11, 2017 at 02:59:20PM +0200, Harald Dunkel wrote: >> >> Please note the "-enddate 20451231235959Z" and compare with RFC >> 5280 section 4.1.2.5 (https://www.ietf.org/rfc/rfc5280.txt). The >> GeneralizedTime

Bug#862335: [Pkg-openssl-devel] Bug#862335: openssl creates and accepts certificates with bad notAfter field

On Thu, May 11, 2017 at 02:59:20PM +0200, Harald Dunkel wrote: > > Please note the "-enddate 20451231235959Z" and compare with RFC 5280 > section 4.1.2.5 (https://www.ietf.org/rfc/rfc5280.txt). The GeneralizedTime > format is not allowed for 2045, but apparently openssl doesn't convert > the

Bug#862335: openssl creates and accepts certificates with bad notAfter field

Package: openssl Version: 1.1.0e-1 If I create a self-signed certificate with a bad notAfter field, then openssl doesn't complain. Sample session: % mkdir -p ca/root-ca/private ca/root-ca/db crl certs % chmod 700 ca/root-ca/private % cp /dev/null ca/root-ca/db/root-ca.db % cp /dev/null