error creating certificate which expires after 2038 on 32-bit architectures
Bug #771264 reported by
bitinerant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Hardy |
Won't Fix
|
Undecided
|
Unassigned | ||
Lucid |
Won't Fix
|
Undecided
|
Unassigned | ||
Maverick |
Won't Fix
|
Undecided
|
Unassigned | ||
Natty |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: openvpn
When generating a new certificate, if the variables CA_EXPIRE or KEY_EXPIRE put the expiration date after 19-Jan-2038, then pkitool will create a certificate which expires around 1902 and also corrupt keys/index.txt so that the next certificate to be generated will receive the error "entry nn: invalid expiry date" and fail.
To post a comment you must log in.
Hi bitinerant, thanks for taking the time to file this bug report and help us make Ubuntu better.
This is confirmed, but only on i386. 64-bit architectures produce the appropriate certificate.
I also believe this may be fixed in OpenSSL 1.0.0 [1], which is in Oneiric as of today. I will build a test i386 chroot and confirm that fix as well.
Marking Confirmed, setting Importance to Medium. Also reassigning to openssl.
-- www.openssl. org/news/ changelog. html
[1] http://