[strongSwan] wrong expiry date on amd64?

Andreas Steffen andreas.steffen at strongswan.org
Mon May 23 15:47:17 CEST 2011

Hello Niels,

it seems that on your amd64 "time_t" is defined as a 32 bit signed
integer and not a 64 bit signed integer as should be the case on
platforms with a 64 bit OS. I remember successfully running unit tests
with dates after 2038 on my amd64 box where time_t was definitively
64 bits.

With 32 bits, time_t wraps around again in 2106 so that 2110 would
in fact be represented as 1974.



On 23.05.2011 14:01, Niels Peen wrote:
> While experimenting with a CA certificate due to expire in 2110 I 
> noticed this works fine on some servers, but not on others. In all cases 
> the Strongswan version is 4.4.1. As I did not notice any date related 
> bugfixes in the Changelog I've not yet tried a newer version.
> On the servers where this does not work, Strongswan claims the 
> certificate expires in 1974. OpenSSL correctly report 2110 on all 
> servers. Also OpenVPN, which uses the same certificate, works fine on 
> all servers.
> The failing servers happen to be amd64, whereas the one server that 
> works normally is 686. I'm not sure that's related though.
> Has anyone else tried CA certificates with an expiry date that far in 
> the future on amd64?
> Thanks,
> Niels

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list