a5752d11b3
The current choice of lifetime for the autogenerated X.509 of 100 years, putting the validTo date in 2112, causes problems on 32-bit systems where a 32-bit time_t wraps in 2106. 64-bit x86_64 systems seem to be unaffected. This can result in something like: Loading module verification certificates X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired MODSIGN: Problem loading in-kernel X.509 certificate (-127) Or: X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 is not yet valid MODSIGN: Problem loading in-kernel X.509 certificate (-129) Instead of turning the dates into time_t values and comparing, turn the system clock and the ASN.1 dates into tm structs and compare those piecemeal instead. Reported-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Josh Boyer <jwboyer@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> |
||
---|---|---|
.. | ||
asymmetric_keys | ||
async_tx | ||
ablkcipher.c | ||
aead.c | ||
aes_generic.c | ||
af_alg.c | ||
ahash.c | ||
algapi.c | ||
algboss.c | ||
algif_hash.c | ||
algif_skcipher.c | ||
ansi_cprng.c | ||
anubis.c | ||
api.c | ||
arc4.c | ||
authenc.c | ||
authencesn.c | ||
blkcipher.c | ||
blowfish_common.c | ||
blowfish_generic.c | ||
camellia_generic.c | ||
cast5.c | ||
cast6.c | ||
cbc.c | ||
ccm.c | ||
chainiv.c | ||
cipher.c | ||
compress.c | ||
crc32c.c | ||
cryptd.c | ||
crypto_null.c | ||
crypto_user.c | ||
crypto_wq.c | ||
ctr.c | ||
cts.c | ||
deflate.c | ||
des_generic.c | ||
ecb.c | ||
eseqiv.c | ||
fcrypt.c | ||
fips.c | ||
gcm.c | ||
gf128mul.c | ||
ghash-generic.c | ||
hmac.c | ||
internal.h | ||
Kconfig | ||
khazad.c | ||
krng.c | ||
lrw.c | ||
lzo.c | ||
Makefile | ||
md4.c | ||
md5.c | ||
michael_mic.c | ||
pcbc.c | ||
pcompress.c | ||
pcrypt.c | ||
proc.c | ||
ripemd.h | ||
rmd128.c | ||
rmd160.c | ||
rmd256.c | ||
rmd320.c | ||
rng.c | ||
salsa20_generic.c | ||
scatterwalk.c | ||
seed.c | ||
seqiv.c | ||
serpent_generic.c | ||
sha1_generic.c | ||
sha256_generic.c | ||
sha512_generic.c | ||
shash.c | ||
tcrypt.c | ||
tcrypt.h | ||
tea.c | ||
testmgr.c | ||
testmgr.h | ||
tgr192.c | ||
twofish_common.c | ||
twofish_generic.c | ||
vmac.c | ||
wp512.c | ||
xcbc.c | ||
xor.c | ||
xts.c | ||
zlib.c |