x509/crypto: cert expiration error shows timezone comparison mismatch #58551
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
If the system time is set to anything besides UTC, the timezones in the CertificateInvalidError
Error()
string are mismatched, with the system time zone displayed for the current time, and UTC for the certificate expiration time. I'd expect both to be the same at least, and most likely UTC for bothWhat version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Have not attempted. The code around the CertificateInvalidError doesn't seem to have changed, though.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Set the timezone of the system to something other than UTC (
timedatectl set-timezone America/Denver
, for example)Get an expired x509 keypair. Basically what I did was generate a new keypair with an expiration time that was very soon, and wait.
Read in the PEM data of the expired keypair (
ioutils.ReadFile
).cert, err := tls.X509KeyPair(certPEM, keyPEM)
err = cert.Leaf.Verify(tls.VerifyOptions{})
fmt.Printf(err.Error())
What did you expect to see?
x509: certificate has expired or is not yet valid: current time 2023-02-16T01:46:52Z is after 2020-06-04T21:50:47Z
What did you see instead?
x509: certificate has expired or is not yet valid: current time 2023-02-15T18:44:41-07:00 is after 2020-06-04T21:50:47Z
The text was updated successfully, but these errors were encountered: