[En-Nut-Discussion] [PATCH 1/2] FIX: accept certificate without expiration date
Uwe Bonnes
bon at elektron.ikp.physik.tu-darmstadt.de
Mon Apr 24 16:34:53 CEST 2017
>>>>> "Krzysztof" == Krzysztof Sawicki <krzysztof.sawicki at mlabs.pl> writes:
Krzysztof> RFC5280 4.1.2.5
Krzysztof> "In some situations, devices are given certificates for which
Krzysztof> no good expiration date can be assigned. For example, a
Krzysztof> device could be issued a certificate that binds its model and
Krzysztof> serial number to its public key; such a certificate is
Krzysztof> intended to be used for the entire lifetime of the device."
Krzysztof,
is the problem really existent? If you emit a certificate and set not_after =
(time_t) 0x7fffffff, the check (tv.tv_sec > cert->not_after) will never
trigger with a 32-bit time implementation.
Otherwise the standard talks about a constant of (GeneralizedTime)
99991231235959Z as marker.
Cheers
--
Uwe Bonnes bon at elektron.ikp.physik.tu-darmstadt.de
Institut fuer Kernphysik Schlossgartenstrasse 9 64289 Darmstadt
--------- Tel. 06151 1623569 ------- Fax. 06151 1623305 ---------
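
Added example, not part of the original message or of the Nut/OS sources: a C sketch of the expiry check discussed above that keeps notAfter in 64-bit seconds and treats the RFC 5280 marker 99991231235959Z as "no expiration". The names cert_expired, gt_to_epoch and days_from_civil are hypothetical, and only the GeneralizedTime form is handled (UTCTime parsing is assumed to happen elsewhere).

```c
#include <stdint.h>
#include <string.h>

#define NO_EXPIRY_GT "99991231235959Z"   /* marker from RFC 5280 4.1.2.5 */

/* Days since 1970-01-01 for a Gregorian date, computed in 64 bits. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= m <= 2;                              /* treat Jan/Feb as part of the previous year */
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Parse "YYYYMMDDHHMMSSZ" into epoch seconds. Returns 0 on success, -1 if malformed. */
int gt_to_epoch(const char *gt, int64_t *out)
{
    static const int off[6] = {0, 4, 6, 8, 10, 12}, len[6] = {4, 2, 2, 2, 2, 2};
    int v[6];
    if (strlen(gt) != 15 || gt[14] != 'Z') return -1;
    for (int i = 0; i < 6; i++) {
        v[i] = 0;
        for (int j = 0; j < len[i]; j++) {
            char c = gt[off[i] + j];
            if (c < '0' || c > '9') return -1;
            v[i] = v[i] * 10 + (c - '0');
        }
    }
    if (v[1] < 1 || v[1] > 12 || v[2] < 1 || v[2] > 31 ||
        v[3] > 23 || v[4] > 59 || v[5] > 60) return -1;
    *out = (days_from_civil(v[0], v[1], v[2]) * 24 + v[3]) * 3600 + v[4] * 60 + v[5];
    return 0;
}

/* 1 = expired, 0 = still valid, -1 = malformed notAfter (caller should reject). */
int cert_expired(const char *not_after_gt, int64_t now)
{
    int64_t na;
    if (strcmp(not_after_gt, NO_EXPIRY_GT) == 0) return 0;  /* no well-defined expiry */
    if (gt_to_epoch(not_after_gt, &na) != 0) return -1;
    return now > na;
}
```

The constructed input 20380119031407Z corresponds to 0x7fffffff seconds; with a 64-bit clock it does expire one second later, while the 9999 marker never does.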