Actions
Bug #5280
openValidityPeriod.NotAfter=99991231T235959 truncated
Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Description
The following command imports a SafeBag that contains a certificate whose ValidityPeriod.NotAfter is set to "99991231T235959"
i.e. 9999-12-31 23:59:59 UTC, which is a valid ISO8601 timestamp and also satisfies the ABNF definition for this field.
However, ndn-cxx truncates this field to be 2262-04-11 23:47:16 UTC.
This truncation is a result of the simple solution to Bug #5176, which enables the certificate to be treated as valid within the next two centuries, but it was not a perfect solution.
$ echo 'gP0CEAb9ARsHIggBUwgDS0VZJAgABceDW8GxaAgEc2VsZiMIAAABesFfK3MUCRgBAhkEADbugBVbMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEw++PLgtFQLGDKYIPB8Qw6+e50TuT1zZRzamZmSdhD7NknRvNsaNXP/noEs+S0s35ddmgN5tp4Cvd4vIX6QyJ9BZDGwEDHBQHEggBUwgDS0VZJAgABceDW8GxaP0A/Sb9AP4PMTk4NzAyMTJUMDYzMDAw/QD/Dzk5OTkxMjMxVDIzNTk1ORdIMEYCIQD1JU+Kmeut3zUZ8BWcLhrXf4geN+lKENKB7pI5SI9OZgIhAOUV/J3Nlso7ypNUtb3Ovcg9H3BNpQvn0DcBSZnFgl/Rge8wgewwVwYJKoZIhvcNAQUNMEowKQYJKoZIhvcNAQUMMBwECKo+z3zz2Q1uAgIIADAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQXf/OKYBrL3NND7Asv2j4xASBkGF2pObyOD8j9fW5b18wbXCyy9wblt+iBV0DgIa5TszztU0XyK7A4uybuY+J6Ud7Izfy1h0Ww1cqfnOJLLcG/vo8tcqjNfEeKYjbOW3A0cQSqwf5uPRueCA8qURHjCawoYaV7yvxpDbKLCLdMwQhdsok3t70EWtpsp1Yoc/1/eiC2Rc8o1euT1apDC7LItnFpA==' | ndnsec import -P 9c570742-82ed-41a8-a370-8e0c8806e5e4 -
$ NDN_NAME_ALT_URI=0 ndnsec cert-dump -pi /S
Certificate Name:
/8=S/8=KEY/36=%00%05%C7%83%5B%C1%B1h/8=self/35=%00%00%01z%C1_%2Bs
Public Key:
Key Type: 256-bit EC
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEw++PLgtFQLGDKYIPB8Qw6+e50TuT
1zZRzamZmSdhD7NknRvNsaNXP/noEs+S0s35ddmgN5tp4Cvd4vIX6QyJ9A==
Validity:
Not Before: 1987-02-12T06:30:00
Not After: 2262-04-11T23:47:16
Signature Information:
Signature Type: SignatureSha256WithEcdsa
Key Locator: Name=/8=S/8=KEY/36=%00%05%C7%83%5B%C1%B1h
Self-Signed: yes
Updated by Junxiao Shi over 1 year ago
- Related to Bug #5176: ValidityPeriod.NotAfter=99991231T235959 misinterpreted added
Updated by Davide Pesavento over 1 year ago
- Subject changed from ValidityPeriod.NotAfter=99991231T235959 truncated to ValidityPeriod.NotAfter=99991231T235959 truncated
- Category set to Security
You didn't have to open another issue, but whatever...
A potential solution is mentioned in https://redmine.named-data.net/issues/5176#note-7
Actions