[En-Nut-Discussion] [PATCH 1/2] FIX: accept certificate without expiration date

Uwe Bonnes bon at elektron.ikp.physik.tu-darmstadt.de
Mon Apr 24 16:34:53 CEST 2017

>>>>> "Krzysztof" == Krzysztof Sawicki <krzysztof.sawicki at mlabs.pl> writes:

    Krzysztof> RFC5280

    Krzysztof> "In some situations, devices are given certificates for which
    Krzysztof> no good expiration date can be assigned. For example, a
    Krzysztof> device could be issued a certificate that binds its model and
    Krzysztof> serial number to its public key; such a certificate is
    Krzysztof> intended to be used for the entire lifetime of the device."


Is the problem really existent? If you emit a certificate and set not_after =
(time_t) 0x7fffffff, the check (tv.tv_sec > cert->not_after) will never
trigger with a 32 bit time implementation.

Otherwise the standard talks about a constant of (GeneralizedTime)
99991231235959Z as marker.

Uwe Bonnes                bon at elektron.ikp.physik.tu-darmstadt.de

Institut fuer Kernphysik  Schlossgartenstrasse 9  64289 Darmstadt
--------- Tel. 06151 1623569 ------- Fax. 06151 1623305 ---------
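
The two options mentioned in this message (a not_after of 0x7fffffff on a 32-bit time field, and the 99991231235959Z GeneralizedTime marker), sketched as an added example that is not part of the original message or the project's sources. The function names are hypothetical, and only the GeneralizedTime form of notAfter is handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 5280 notAfter value for "no well-defined expiration date". */
#define NO_EXPIRY_GT "99991231235959Z"

/* Days since 1970-01-01 for a Gregorian date (helper added for this example). */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Parse "YYYYMMDDHHMMSSZ" into 64-bit epoch seconds; -1 on malformed input. */
int gt_to_epoch(const char *gt, int64_t *out)
{
    int y, mo, d, h, mi, s;
    if (strlen(gt) != 15 || strspn(gt, "0123456789") != 14 || gt[14] != 'Z') return -1;
    if (sscanf(gt, "%4d%2d%2d%2d%2d%2d", &y, &mo, &d, &h, &mi, &s) != 6) return -1;
    if (mo < 1 || mo > 12 || d < 1 || d > 31 || h > 23 || mi > 59 || s > 59) return -1;
    *out = days_from_civil(y, mo, d) * 86400 + h * 3600 + mi * 60 + s;
    return 0;
}

/* Map notAfter onto a 32-bit time field: the marker and any date past
 * January 2038 saturate at 0x7fffffff instead of wrapping negative. */
int not_after_time32(const char *gt, int32_t *out)
{
    int64_t t;
    if (strcmp(gt, NO_EXPIRY_GT) == 0) { *out = INT32_MAX; return 0; }
    if (gt_to_epoch(gt, &t) != 0 || t < 0) return -1;  /* pre-1970: reject */
    *out = t > INT32_MAX ? INT32_MAX : (int32_t)t;
    return 0;
}

/* 1 = expired, 0 = still valid, -1 = malformed notAfter (reject). */
int cert_expired(const char *gt, int32_t now)
{
    int32_t na;
    if (not_after_time32(gt, &na) != 0) return -1;
    return now > na;  /* can never be true when na == 0x7fffffff */
}
```

Saturating rather than casting matters here: a plain truncation of the marker's 64-bit value to 32 bits would not yield 0x7fffffff, so the certificate could be treated as already expired.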
