[uClibc]Be careful with Freeswan/certs and Timezone!

Manuel Novoa III mjn3 at codepoet.org
Wed Nov 27 01:58:26 UTC 2002


On Wed, Nov 27, 2002 at 02:03:51AM +0100, Arne Bernin wrote:
> Hi all,
> 
> i just wanted to let you know that you have to set a valid timezone if
> you intend to use freeswan with certificates, otherwise you will get
> nice Dates like:
>  L3 - notBefore:
> |   'Nov 26 18:37:22 UTC 2002'
> | L3 - notAfter:
> |   'Nov 11 09:53:14 UTC 1969'
> 
> or certificates not valid before 2037 ;-) It took me some hours to find
> out why freeswan says my certificates are invalid (and to figure out,
> what is going on) , the question i am asking myself is whether it would
> be a good idea to include a default timezone somewhere so that it is at
> least a harmless value... Or to include some checking in the freeswan
> code ?
> 
> freeswan does something like:
> 
> return mktime(&t) - timezone - tz_offset;
> 
> which goes very wrong if no valid timezone is set...
> 
> regards,
>        arne
> 

I'll look into this today or tomorrow.

Manuel



More information about the uClibc mailing list