[strongSwan] wrong expiry date on amd64?
Niels Peen
niels at peen.net
Mon May 23 18:47:48 CEST 2011
Hi Andreas,
Thanks, that helps point me in the right direction. For those
interested, the OS is Debian 6 (squeeze).
Thanks,
Niels
On 23/05/2011 9:47 PM, Andreas Steffen wrote:
> Hello Niels,
>
> it seems that on your amd64 "time_t" is defined as a 32 bit signed
> integer and not a 64 bit signed integer as should be the case on
> platforms with a 64 bit OS. I remember successfully running unit tests
> with dates after 2038 on my amd64 box where time_t was definitively
> 64 bits.
>
> With 32 bits, time_t wraps around again in 2106 so that 2110 would
> in fact be represented as 1974.
>
> Regards
>
> Andreas
>
> On 23.05.2011 14:01, Niels Peen wrote:
>> While experimenting with a CA certificate due to expire in 2110 I
>> noticed this works fine on some servers, but not on others. In all cases
>> the Strongswan version is 4.4.1. As I did not notice any date related
>> bugfixes in the Changelog I've not yet tried a newer version.
>>
>> On the servers where this does not work, Strongswan claims the
>> certificate expires in 1974. OpenSSL correctly report 2110 on all
>> servers. Also OpenVPN, which uses the same certificate, works fine on
>> all servers.
>>
>> The failing servers happen to be amd64, whereas the one server that
>> works normally is 686. I'm not sure that's related though.
>>
>> Has anyone else tried CA certificates with an expiry date that far in
>> the future on amd64?
>>
>> Thanks,
>> Niels
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
More information about the Users
mailing list