In the CA certificate profiles the startTime parameter is not working as expected. When editing the line "policyset.GenericCertificateSet.ValidityPeriod.default.params.startTime=0" and changing the value from 0 to something large such as 2592000 the results are not as expected. This should cause a certificate to be issued with the notBefore date being 30 days in the future but what actually happens is the notBefore date is in the past. If the value for startTime is less than 2147483 then it seems to work as expected but any larger value does not work as expected.
Actual results:
notBefore date is set in the past
Expected results:
The certificate should be issued with the notBefore date being 30 days in the future
Additional info:
May be found in associated Bugzilla Bug.
On 11/21/2016, dsirrine wrote: This is not a priority and can be targeted for RHEL 7.4 and CS 9.2... I will update if there are any changes.
NOTE: Marking as 'critical' as it is from a customer request.
Metadata Update from @ddas@redhat.com: - Issue assigned to jmagne - Issue set to the milestone: 10.4
Checkin:
commit d98f20d33378a37898d4d6ffec80b09261504823
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Wed Apr 26 15:21:39 2017 -0700
CA in the certificate profiles the startTime parameter is not working as expected.

This simple fix addresses an overflow in the "startTime" parameter in 4 places in the code. I felt that honing in only on the startTime value was the best way to go. In some of the files other than ValidityDefault.java, there were possibly some values that could be changed from int to long. Due to the complexity of some of the calculations involved in some of those cases, it is best to fix the exact issue at hand instead of introducing some other possible side effects.
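The threshold in the report (values up to 2147483 work, larger ones do not) is what a seconds-to-milliseconds multiplication in 32-bit `int` arithmetic produces, since 2147483 × 1000 is the last such product that fits below `Integer.MAX_VALUE` (2147483647). The sketch below is an added example, not the Dogtag code or the committed fix; the class and method names are hypothetical, the issuance time is constructed, and the ×1000 conversion is an assumption inferred from that threshold.

```java
import java.time.Instant;

public class StartTimeOverflowDemo {

    // Assumed shape of the defect: both operands are int, so the product
    // wraps in 32 bits and only the wrapped value is widened to long.
    static long offsetMillisInt(int startTimeSeconds) {
        return 1000 * startTimeSeconds;
    }

    // Widening one operand first makes the whole multiplication 64-bit.
    static long offsetMillisLong(int startTimeSeconds) {
        return 1000L * startTimeSeconds;
    }

    // Defensive variant for values parsed from a profile: throws
    // ArithmeticException on overflow instead of silently wrapping.
    static long offsetMillisChecked(long startTimeSeconds) {
        return Math.multiplyExact(startTimeSeconds, 1000L);
    }

    public static void main(String[] args) {
        // Constructed issuance time so the output is reproducible.
        Instant now = Instant.parse("2017-04-26T00:00:00Z");

        // 0 is the profile default, 2147483 and 2147484 straddle the
        // threshold from the report, 2592000 is the reported 30-day value.
        int[] samples = {0, 2147483, 2147484, 2592000};

        for (int s : samples) {
            long wrapped = offsetMillisInt(s);
            long correct = offsetMillisLong(s);
            System.out.printf("startTime=%d s%n", s);
            System.out.printf("  int  math: offset=%d ms, notBefore=%s%n",
                    wrapped, now.plusMillis(wrapped));
            System.out.printf("  long math: offset=%d ms, notBefore=%s%n",
                    correct, now.plusMillis(correct));
            System.out.printf("  checked  : offset=%d ms%n",
                    offsetMillisChecked(s));
        }
    }
}
```

With `startTime=2592000` the 32-bit product wraps to a negative offset of roughly 19.7 days, which matches the reported symptom of a notBefore date in the past rather than 30 days ahead.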
Metadata Update from @jmagne: - Custom field component adjusted to General (was: Profiles) - Custom field feature adjusted to '' - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field version adjusted to '' - Issue close_status updated to: None
Metadata Update from @jmagne: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.4.3 (was: 10.4)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2640
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.