New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[dev.icinga.com #10266] "Not after" value overflows in X509 certificates on RHEL5 #3466
Comments
Updated by mfriedrich on 2015-10-02 10:12:51 +00:00
Hm, apparently it only affects the git master, not 2.3.10 and also not only 32bit centos5, also x64. And it seems, only certificates generated with new-cert, but not the ones coming from 'api setup'. strange.
https://mta.openssl.org/pipermail/openssl-users/2015-July/001783.html |
Updated by mfriedrich on 2015-10-02 15:15:33 +00:00
No idea which change introduced the overflow, but apparently I read an article where setting the expiration that long isn't a good idea either. Lowering the value to 15y solves the issue.
|
Updated by gbeutner on 2015-10-13 10:20:46 +00:00
|
Updated by gbeutner on 2015-10-13 10:21:05 +00:00
|
This issue has been migrated from Redmine: https://dev.icinga.com/issues/10266
Created by mfriedrich on 2015-10-02 09:41:28 +00:00
Assignee: mfriedrich
Status: Resolved (closed on 2015-10-02 15:15:33 +00:00)
Target Version: 2.3.11
Last Update: 2015-10-13 10:21:05 +00:00 (in Redmine)
http://serverfault.com/questions/355423/openssl-req-sets-wrong-not-after-date-overflow-bug
We should just lower the default expiration date from 30y to a more sane value.
Changesets
2015-10-02 10:11:21 +00:00 by mfriedrich f0a5a0c
2015-10-13 10:20:57 +00:00 by mfriedrich 72c19fe
The text was updated successfully, but these errors were encountered: