[strongSwan] wrong expiry date on amd64?

Niels Peen niels at peen.net
Mon May 23 18:47:48 CEST 2011

Hi Andreas,

Thanks, that helps point me in the right direction. For those
interested, the OS is Debian 6 (squeeze).


On 23/05/2011 9:47 PM, Andreas Steffen wrote:
> Hello Niels,
> it seems that on your amd64 "time_t" is defined as a 32 bit signed
> integer and not a 64 bit signed integer as should be the case on
> platforms with a 64 bit OS. I remember successfully running unit tests
> with dates after 2038 on my amd64 box where time_t was definitively
> 64 bits.
> With 32 bits, time_t wraps around again in 2106 so that 2110 would
> in fact be represented as 1974.
> Regards
> Andreas
> On 23.05.2011 14:01, Niels Peen wrote:
>> While experimenting with a CA certificate due to expire in 2110 I 
>> noticed this works fine on some servers, but not on others. In all cases 
>> the Strongswan version is 4.4.1. As I did not notice any date related 
>> bugfixes in the Changelog I've not yet tried a newer version.
>> On the servers where this does not work, Strongswan claims the 
>> certificate expires in 1974. OpenSSL correctly report 2110 on all 
>> servers. Also OpenVPN, which uses the same certificate, works fine on 
>> all servers.
>> The failing servers happen to be amd64, whereas the one server that 
>> works normally is 686. I'm not sure that's related though.
>> Has anyone else tried CA certificates with an expiry date that far in 
>> the future on amd64?
>> Thanks,
>> Niels
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==

More information about the Users mailing list