Comments (6)
There is no reason for a modern 32 bit platform to have a 32 bit time_t - if it is, your operating system is going to be badly broken on dates in the near future - i.e. after January 18, 2038.
In a nutshell, OpenSSL is failing defensively, because your operating system is fundamentally broken for these dates, and you will very likely have security problems dealing with and accepting and manipulating such dates. Really, this is an issue that the underlying operating system needs to fix - to avoid many other problems (even if we accept the certificate).
"Programs that work with future dates will begin to run into problems sooner; for example a program that works with dates 20 years in the future will have to be fixed no later than 2018." : https://en.wikipedia.org/wiki/Year_2038_problem
from openbsd.
And in case you're wondering, I'm of an age where some jerk might end up putting some embeddable linux 32 bit internet-of-shite thing in my chest as a pacemaker or something before Jan 19 2038. I'm not going to get killed by a crappy linux freaking out then because I didn't do my darndest to get the ecosystem to fix its problems. I want to die from my own foolish excesses.
from openbsd.
Thanks for your delightful response. Let's hope you (or me for that matter) will never need a pacemaker ;-)
Unfortunately the software I wanted to build against LibreSSL is running with Ubuntu Trusty on armhf which only has a 32bit time_t - I guess I'll have to stick with OpenSSL/BoringSSL for now then.
Anyway, thanks for your feedback and sorry for bothering you.
from openbsd.
Yes, indeed you'll have to stick with that, and/or be able to run the linux x32 ABI environment on it (although I don't think you can for that). Since the focus of 32 bit linux is "backward compatibility" I think you will need to stick to something backward on that - sorry ;)
On Wed, Jul 27, 2016 at 4:40 PM, Joachim Bauch [email protected] wrote:
> Thanks for your delightful response. Let's hope you (or me for that matter) will never need a pacemaker ;-)
>
> Unfortunately the software I wanted to build against LibreSSL is running with Ubuntu Trusty on armhf which only has a 32bit time_t - I guess I'll have to stick with OpenSSL/BoringSSL for now then.
>
> Anyway, thanks for your feedback and sorry for bothering you.
from openbsd.
AFAICS, this is being worked around in 362ffef
from openbsd.
@chneukirchen - correct, the notafter date is now clamped to 2038 in the case of a 32-bit time_t.
from openbsd.
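The two policies discussed in this thread for a certificate notAfter date that does not fit a signed 32-bit time_t, failing defensively and clamping to 2038, sketched as an added example. This is not LibreSSL's code; all function names are hypothetical and the sample date is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Days since 1970-01-01 for a proleptic Gregorian date (integer math only). */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= m <= 2;                                   /* treat Jan/Feb as end of previous year */
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;                   /* year of era, 0..399 */
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Epoch seconds computed in 64 bits, independent of the platform's time_t. */
int64_t utc_to_epoch64(int y, int mo, int d, int h, int mi, int s)
{
    return days_from_civil(y, mo, d) * 86400 + h * 3600 + mi * 60 + s;
}

/* Policy 1 (fail closed): return 0 and leave *out untouched when the
 * value cannot be represented in a signed 32-bit time_t. */
int epoch_fits_time32(int64_t t, int32_t *out)
{
    if (t < INT32_MIN || t > INT32_MAX)
        return 0;
    *out = (int32_t)t;
    return 1;
}

/* Policy 2 (clamp): saturate at the 32-bit limits instead of wrapping. */
int32_t epoch_clamp_time32(int64_t t)
{
    if (t > INT32_MAX) return INT32_MAX;
    if (t < INT32_MIN) return INT32_MIN;
    return (int32_t)t;
}

int main(void)
{
    /* Constructed notAfter value: 2049-12-31 23:59:59 UTC. */
    int64_t not_after = utc_to_epoch64(2049, 12, 31, 23, 59, 59);
    int32_t t32 = 0;
    printf("epoch64=%lld fits=%d clamped=%d\n", (long long)not_after,
           epoch_fits_time32(not_after, &t32), (int)epoch_clamp_time32(not_after));
    return 0;
}
```

Clamping shortens the apparent validity period rather than extending it, so a certificate is never treated as valid past its real notAfter.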