[gnutls-dev] Re: Bug#140609: mutt/gnutls improperly evaluates certificate lifetimes
Andrew McDonald
andrew at mcdonald.org.uk
Wed Apr 3 23:42:01 CEST 2002
reassign 140609 gnutls
thanks
(bcc'ed to control)
On Wed, Apr 03, 2002 at 09:48:50PM +0100, Andrew McDonald wrote:
[after Paul found this problem, my own testing gave:]
>
> A certificate that openssl shows as created at:
> Apr 3 20:04:52 2002 GMT
> is shown by mutt's certificate display to be created at:
> Wed, 3 Apr 2002 19:04:00
> (UTC is hard coded and tacked on on the assumption that it is)
>
> Actually, being BST here now (since Sunday) it was created at 21:04
> local time.
[see http://bugs.debian.org/140609 for previous messages]
This is a gnutls bug.
In lib/x509_verify.c in _gnutls_utcTime2gtime() and
_gnutls_generalTime2gtime() a call is made to mktime().
mktime() takes the time in local time not UTC.
Note to Nikos: this bug was seen in 0.3.5 but also exists in current
CVS
It isn't immediately obvious to me how to fix this. I don't think there
is a GMT/UTC equivalent of mktime().
Andrew
--
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: </pipermail/attachments/20020403/50ca8208/attachment.pgp>
More information about the Gnutls-devel
mailing list