New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
* suggested patch for issue 13944 #14016
Conversation
- detect expiration dates after 2049-12-31 - strip first two digits from expiration date if expiration date is after 2049-12-31 to make compare with current date working again
This is unfortunately not within what is acceptable for CLA: trivial. Could you please submit an ICLA? |
The only way I found is to send a signed printout to legal@opensslfoundation.org. Thank you for your support! |
Yes, it is correct. IMO there is no pure digital way. @mattcaswell ? |
We require a signed document. The signature can be a scan of your signature inserted into the document. |
As for the patch - have you considered instead of trying to fix the bad y2k handling directly in the code, to actually use ASN1_TIME_set_string to parse the time from the DB and replace ASN1_UTCTIME with ASN1_TIME which should handle the y2k correctly by itself and then do the comparison of the ASN1_TIMEs. This should simplify the function much. |
Thank you for your feedback. To be honest, I don't know all these data types by heart and I assumed, ASN1_TIME could cause issues with the timezone. I'll have a closer look at it when I find some spare time again. I just sent the ICLA. Will this "automatically" fix the "cla-check" or do I have to set additional steps? |
No additional steps needed for that on your side. |
Close/reopen to kick CLA bot |
I created an alternate suggestion using ASN1_TIME: |
With the alternate proposal I meant using ASN1_TIME_set_string() for the time loaded from the database and ASN1_TIME_compare() to compare it with the current time. I.e. dropping all the logic to handle y2k and compare the times from the apps code. |
Ok, thanks for the feedback :) |
I think that's what your idea was: |
Closing in favour of #14026 |
CLA: trivial
Fixes #13944
to make compare with current date working again
This is my first PR for openssl - sorry for probably existing mistakes...