[gnutls-devel] Guile-GnuTLS | 32bit time issues with gnutls_x509_crt_[get, set]-*-time (#33)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Mar 4 18:01:37 CET 2025



Dariqq created an issue: https://gitlab.com/gnutls/guile/-/issues/33



## Description of problem:
Originally a bug against the guile bindings (https://gitlab.com/gnutls/guile/-/issues/32) but i think it might be an issue with gnutls.

The functions `gnutls_x509_crt_get_expiration_time`, `gnutls_x509_crt_set_expiration_time`, `gnutls_x509_crt_get_activation_time`, `gnutls_x509_crt_set_activation_time` seem to have troubles using time values greater than 32 bits. Trying to get a time value results in an overflow/underflow, trying to set a value in an error.

I am using a 64bit system.

## Version of gnutls used:
3.8.9

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

Verified this on Fedora 41, Debian 13 and others (on x86_64)

## How reproducible:
Always

## Steps to Reproduce:

I am using my scheme examples from the other bug report, but I verified that this is not an issue with the bindings as the value is already negative before it gets converted to a scheme value

Setting a value:
```scm
(use-modules (gnutls))
(let ((cert (make-x509-certificate))
      (expiration (expt 2 31)))
  (set-x509-certificate-expiration-time! cert expiration))
```

Getting: 

The file `cert.pem` has an expiry date in 2055
```
(use-modules (gnutls)
	     (ice-9 binary-ports))

(let* ((data (call-with-input-file "cert.pem" get-bytevector-all))
       (cert (import-x509-certificate data x509-certificate-format/pem)))

  (format #t "Activation: ~a~%Expiration: ~a~%"
	  (strftime "%c" (gmtime (x509-certificate-activation-time cert)))
	  (strftime "%c" (gmtime (x509-certificate-expiration-time cert)))))
```

Similar issues with the activation time

## Actual results:

Setting:
```
An error:
In procedure raise exception:
Value out of range -2147483648 to< 2147483647: 2147483648

```

Getting
```
Activation: Fri Feb 21 18:31:34 2025
Expiration: Thu Jan 16 12:03:18 1919
```


## Expected results:

Set the date to the correct time.

Get the correct timestamp for expiration/activation.


Interestingly when I use `gnutls_x509_crt_print` the dates are correct:
```
Validity:
	Not Before: Fri Feb 21 18:31:34 UTC 2025
	Not After:  Sun Feb 21 18:31:34 UTC 2055
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/guile/-/issues/33
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250304/d574f760/attachment-0001.html>


More information about the Gnutls-devel mailing list