[gnutls-dev] Re: Bug#140609: mutt/gnutls improperly evaluates certificate lifetimes

Andrew McDonald andrew at mcdonald.org.uk
Wed Apr 3 23:42:01 CEST 2002

reassign 140609 gnutls
(bcc'ed to control)

On Wed, Apr 03, 2002 at 09:48:50PM +0100, Andrew McDonald wrote:
[after Paul found this problem, my own testing gave:]
> A certificate that openssl shows as created at: 
> Apr  3 20:04:52 2002 GMT
> is shown by mutt's certificate display to be created at:
> Wed, 3 Apr 2002 19:04:00
> (UTC is hard coded and tacked on on the assumption that it is)
> Actually, being BST here now (since Sunday) it was created at 21:04
> local time.

[see http://bugs.debian.org/140609 for previous messages]

This is a gnutls bug.

In lib/x509_verify.c in _gnutls_utcTime2gtime() and
_gnutls_generalTime2gtime() a call is made to mktime().
mktime() takes the time in local time not UTC.

Note to Nikos: this bug was seen in 0.3.5 but also exists in current

It isn't immediately obvious to me how to fix this. I don't think there
is a GMT/UTC equivalent of mktime().

Andrew McDonald
E-mail: andrew at mcdonald.org.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: </pipermail/attachments/20020403/50ca8208/attachment.pgp>

More information about the Gnutls-devel mailing list