Seriously, if we use openssl version 0.9.7 to generate a certificate
on MacOS and set the end day to 9999 from now, i.e. set 'default_days'
to 9999 but do not have 'default_enddate' in the config,
we get
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Oct 6 20:41:18 2008 GMT
Not After : Jan 15 14:13:02 1900 GMT
Switch to version 0.9.7e works better, but it still fails if we set
the system clock in 2010.
It means for applications that only want to have the maximum validity
by specifying 9999 days when they generate 'self-signed' certificate,
the certificate will either fail now, or in a couple of years.
This is not a problem we can casually brush off assuming it is not
going to happen before we are all retired.
Alex
On Oct 6, 2008, at 9:43 AM, Mark H. Wood wrote:
On Mon, Oct 06, 2008 at 10:19:08AM -0500, Michael S. Zick wrote:
On Mon October 6 2008, Thomas J. Hruska wrote:
Philipp Gühring wrote:
Hi,
The biggest Problem with the Y2038 problem I see is that most
people
believe that it will go away due to the migration to 64 Bit
machines.
But this isn't going to happen. We have to start fixing 2038 now,
also
for all our 32 Bit platforms, 16 Bit platforms and 8 Bit platforms.
Best regards,
Philipp Gühring
Well, that and the problem that it is so hard to get anyone to think
about time formats w.r.t. any time other than "right now". Already
the idea "31 years from now" is inexpressible.
Oh...you mean like these problems (disclaimer: Found on the
Internet
and taken out of context):
Having spent a few years in testing development fuze and guidance
systems...
Don't worry about that one.
If you are seriously concerned, move at least 150 miles away
from any of the A-List cities. ;)
(50 mile error allowance, 50 mile 100% kill zone, plus room to hide.)
A more likely possibility -
All of the crypto-locks on the physical facilities will not work,
nor any of the access cards - nobody will be able to get in.
Meaning the world will be effectively, totally disarmed.
So long as *none* of the parties fix their clocks first. We must not
have a clock-width gap! :-)
--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
