* suggested patch for issue 13944 #14016
Conversation
- detect expiration dates after 2049-12-31
- strip first two digits from expiration date if expiration date is after 2049-12-31
to make compare with current date working again
openssl-machine
added
the
hold: cla required
|
This is unfortunately not within what is acceptable for CLA: trivial. Could you please submit an ICLA? |
The only way I found is to send a signed printout to legal@opensslfoundation.org. Thank you for your support! |
|
Yes, it is correct. IMO there is no pure digital way. @mattcaswell ? |
We require a signed document. The signature can be a scan of your signature inserted into the document. |
|
As for the patch - have you considered instead of trying to fix the bad y2k handling directly in the code, to actually use ASN1_TIME_set_string to parse the time from the DB and replace ASN1_UTCTIME with ASN1_TIME which should handle the y2k correctly by itself and then do the comparison of the ASN1_TIMEs. This should simplify the function much. |
Thank you for your feedback. To be honest, I don't know all these data types by heart and I assumed, ASN1_TIME could cause issues with the timezone. I'll have a closer look at it when I find some spare time again. I just sent the ICLA. Will this "automatically" fix the "cla-check" or do I have to set additional steps? |
No additional steps needed for that on your side. |
|
Close/reopen to kick CLA bot |
openssl-machine
removed
the
hold: cla required
|
I created an alternate suggestion using ASN1_TIME: |
|
With the alternate proposal I meant using ASN1_TIME_set_string() for the time loaded from the database and ASN1_TIME_compare() to compare it with the current time. I.e. dropping all the logic to handle y2k and compare the times from the apps code. |
|
Ok, thanks for the feedback :) |
|
I think that's what your idea was: |
|
Closing in favour of #14026 |
CLA: trivial
Fixes #13944
to make compare with current date working again
This is my first PR for openssl - sorry for probably existing mistakes...