Qt / QTBUG-12489

SSL certificates with effective or expiry date in ASN.1 GeneralizedTime format (e.g. > 2049) are invalid

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 4.7.1
    • 4.6.2
    • Network: SSL
    • None
    • Qt with OpenSSL
    • a77dbcdbb7022cc754ba87aea9a4fc471d1e4495

    Description

      QSslCertificate.isValid() returns false on certificates whose effective or expiry date is in ASN.1 GeneralizedTime format (e.g. if larger than 2049).

      The reason is that the certificate notValidBefore and notValidAfter attributes are set in QSslCertificatePrivate::QSslCertificate_from_X509 through a call to q_getTimeFromASN1.

      q_getTimeFromASN1, despite being inspired by X509_cmp_time, does not properly handle the case where aTime->type is V_ASN1_GENERALIZEDTIME. For example, this format can have a 4-digit year, while lTime.tm_year reads the year as 2 digits whatever the format.

      Also, the test on lTime.tm_year < 50 (RFC 2459) must only be done if the format is V_ASN1_UTCTIME.
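
The type-dependent parsing the description calls for, as an added example (not Qt's code and not the committed fix): the year width is chosen from the ASN.1 tag, and the two-digit pivot at 50 is applied to UTCTime only. The names parse_asn1_time, digits and TAG_* are hypothetical, and only the YYMMDDHHMMSSZ and YYYYMMDDHHMMSSZ forms are accepted.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <time.h>

/* Local stand-ins for OpenSSL's V_ASN1_UTCTIME / V_ASN1_GENERALIZEDTIME
 * (universal tags 23 and 24), so the example builds without OpenSSL. */
enum { TAG_UTCTIME = 23, TAG_GENERALIZEDTIME = 24 };

/* Read n decimal digits at *p and advance p; return -1 on a non-digit. */
static int digits(const char **p, int n)
{
    int v = 0;
    while (n-- > 0) {
        if (!isdigit((unsigned char)**p)) return -1;
        v = v * 10 + (*(*p)++ - '0');
    }
    return v;
}

/* Parse YYMMDDHHMMSSZ (UTCTime) or YYYYMMDDHHMMSSZ (GeneralizedTime).
 * Returns 0 and fills *out (UTC fields), or -1 on malformed input. */
int parse_asn1_time(int tag, const char *s, struct tm *out)
{
    int year_digits = (tag == TAG_GENERALIZEDTIME) ? 4 :
                      (tag == TAG_UTCTIME) ? 2 : 0;
    if (!year_digits || !s || strlen(s) != (size_t)year_digits + 11) return -1;

    const char *p = s;
    int year = digits(&p, year_digits);
    int mon = digits(&p, 2), day = digits(&p, 2);
    int hour = digits(&p, 2), min = digits(&p, 2), sec = digits(&p, 2);
    if (year < 0 || mon < 1 || mon > 12 || day < 1 || day > 31 ||
        hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 || sec > 59 ||
        *p != 'Z')
        return -1;

    /* Pivot applies to UTCTime only: 00-49 -> 20YY, 50-99 -> 19YY. */
    if (tag == TAG_UTCTIME) year += (year < 50) ? 2000 : 1900;

    memset(out, 0, sizeof *out);
    out->tm_year = year - 1900;
    out->tm_mon = mon - 1;
    out->tm_mday = day;
    out->tm_hour = hour;
    out->tm_min = min;
    out->tm_sec = sec;
    return 0;
}
```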

          People

            phartman Peter Hartmann (closed Nokia identity) (Inactive)
            mekugi Patrick Schyrr