| commit | c4522d2ea747e139dc97238b58c9609ac9d11776 | [log] [tgz] |
|---|---|---|
| author | Marri Devender Rao <devenrao@in.ibm.com> | Thu Mar 12 06:50:17 2020 -0500 |
| committer | Jayanth Othayoth <ojayanth@in.ibm.com> | Tue Mar 17 14:02:19 2020 +0000 |
| tree | 5e4203e083f90f3cde2e91cff1ef1155a843dae0 | |
| parent | db5c6fc872e3337cdd5a229811ce3f787a900bcc [diff] |
Return error if certificate expiry date is beyond year 2038 Any certificate which is uploaded with expiry year greater than 2038 causes the exipry date to be set to time before 1970. time_t is used in calculation of expirty date based on seconds from epoch. As time_t is defined as int32 any time beyond 2038 causes integer overflow and generates a negtive number. When the negative number is used in time calculation it generates year before 1970. Modified to return error if the seconds computed for expiry date is beyond INT_MAX. This change is required till kernel changes time_t to use 64 bit value. Tested: Mar 12 11:14:38 xx phosphor-certificate-manager[520]: Certificate install Mar 12 11:14:38 xx phosphor-certificate-manager[520]: Certificate expiry date is beyond year 2038 Mar 12 11:14:38 xx phosphor-certificate-manager[520]: Invalid certificate file. "MESSAGE" : "Certificate expiry date is beyond year 2038", "PRIORITY" : "3", "SECONDS" : "2366947077", Signed-off-by: Marri Devender Rao <devenrao@in.ibm.com> Change-Id: Icb926fe6eebb2ce896ccde2527b7494896653f58
Certificate management allows to replace the existing certificate and private key file with another (possibly CA signed) Certificate key file. Certificate management allows the user to install both the server and client certificates.
To build this package, do the following steps:
1. ./bootstrap.sh
2. ./configure ${CONFIGURE_FLAGS}
3. make
To clean the repository run `./bootstrap.sh clean`.