a5752d11b3
The current choice of lifetime for the autogenerated X.509 of 100 years, putting the validTo date in 2112, causes problems on 32-bit systems where a 32-bit time_t wraps in 2106. 64-bit x86_64 systems seem to be unaffected. This can result in something like: Loading module verification certificates X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired MODSIGN: Problem loading in-kernel X.509 certificate (-127) Or: X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid MODSIGN: Problem loading in-kernel X.509 certificate (-129) Instead of turning the dates into time_t values and comparing, turn the system clock and the ASN.1 dates into tm structs and compare those piecemeal instead. Reported-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| asymmetric_keys.h | ||
| asymmetric_type.c | ||
| Kconfig | ||
| Makefile | ||
| public_key.c | ||
| public_key.h | ||
| rsa.c | ||
| signature.c | ||
| x509_cert_parser.c | ||
| x509_parser.h | ||
| x509_public_key.c | ||
| x509_rsakey.asn1 | ||
| x509.asn1 | ||