Learn more about these different git repos.
Other Git URLs
I'm testing Certmonger in conjunction with FreeIPA server installation on x86 machine. 'caSigningCert cert-pki-ca' lifetime is 20 years. As we know max unix date on 32bit machines is 03:14:07 UTC 19 January 2038. Please, take a look on the logs below.
03:14:07 UTC 19 January 2038
certutil -L -d /etc/pki/pki-tomcat/alias -n 'caSigningCert cert-pki-ca' | grep -i 'not after' Not After : Mon Apr 11 14:01:54 2039 getcert list -d /etc/pki/pki-tomcat/alias -n 'caSigningCert cert-pki-ca' | grep expires expires: 2038-01-19 06:14:07 MSK getcert resubmit -i 'xxx' getcert list -d /etc/pki/pki-tomcat/alias -n 'caSigningCert cert-pki-ca' | grep expires expires: 2038-01-19 06:14:07 MSK certutil -L -d /etc/pki/pki-tomcat/alias -n 'caSigningCert cert-pki-ca' | grep -i 'not after' Not After : Mon Apr 11 14:58:51 2039
As I can see getcert shows max unix date (2038Y), but certutil tells the right date (2039Y). Actually, I don't know is this only display (getcert) problem? Or this date is used for internals.
getcert
certutil
cat /var/lib/certmonger/requests/20190411140250 | grep 'cert_not_after' cert_not_after=20380119031407
Internally it is stored as time_t which should be safe. I pulled the Fedora i686 glibc-headers and it defines it as a long int.
Can you see what yours is defined as:
time.c:
#include <time.h> int main(int argc, char** argv) { time_t test; return 0; }
$ gcc -E time.c | grep time_t |grep typedef typedef long int __time_t; typedef __time_t time_t;
Hi, @rcritten. Sorry for the delay.
gcc -E time.c | grep time_t |grep typedef __extension__ typedef long int __time_t; typedef __time_t time_t;
The result is the same as your.
Login to comment on this ticket.