[uClibc]Be careful with Freeswan/certs and Timezone!
Manuel Novoa III
mjn3 at codepoet.org
Wed Nov 27 01:58:26 UTC 2002
On Wed, Nov 27, 2002 at 02:03:51AM +0100, Arne Bernin wrote:
> Hi all,
>
> i just wanted to let you know that you have to set a valid timezone if
> you intend to use freeswan with certificates, otherwise you will get
> nice Dates like:
> L3 - notBefore:
> | 'Nov 26 18:37:22 UTC 2002'
> | L3 - notAfter:
> | 'Nov 11 09:53:14 UTC 1969'
>
> or certificates not valid before 2037 ;-) It took me some hours to find
> out why freeswan says my certificates are invalid (and to figure out,
> what is going on) , the question i am asking myself is whether it would
> be a good idea to include a default timezone somewhere so that it is at
> least a harmless value... Or to include some checking in the freeswan
> code ?
>
> freeswan does something like:
>
> return mktime(&t) - timezone - tz_offset;
>
> which goes very wrong if no valid timezone is set...
>
> regards,
> arne
>
I'll look into this today or tomorrow.
Manuel
More information about the uClibc
mailing list