dogtagpki

Clone
Source Code
GIT

#2520 CA certificate profiles: the startTime parameter is not working as expected.
Closed: fixed 6 years ago Opened 7 years ago by ddas@redhat.com.

Closed: fixed
Reopen Issue

In the CA certificate profiles the startTime parameter is not
working as expected. When editing the line
"policyset.GenericCertificateSet.ValidityPeriod.default.params.startTime=0" and
changing the value from 0 to something large such as 2592000 the results are
not as expected. This should cause a certificate to be issued with the
notBefore date being 30 days in the future but what actually happens is the
notBefore date is in the past. If the value for startTime is less than 2147483
then it seems to work as expected but any larger value does not work as
expected.

Actual results:

notBefore date is set in the past

Expected results:

The certificate should be issued with the notBefore date being 30 days in the
future

Additional info:

May be found in associated Bugzilla Bug.

On 11/21/2016, dsirrine wrote:
This is not a priority and can be targeted for RHEL 7.4 and CS 9.2... I will update if there are any changes.

NOTE: Marking as 'critical' as it is from a customer request.

Metadata Update from @ddas@redhat.com:
- Issue assigned to jmagne
- Issue set to the milestone: 10.4
7 years ago

Checkin:

commit d98f20d33378a37898d4d6ffec80b09261504823
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Wed Apr 26 15:21:39 2017 -0700

CA in the certificate profiles the startTime parameter is not working as expected.

This simple fix addresses an overflow in the "startTime" paramenter in 4 places in the code. I felt that honing in only on the startTime value was the best way to go. In some of the files other than ValidityDefault.java, there were possibly some values that could be changed from int to long. Due to the complexity of some of the calculations involved in some of those cases, it is best to fix the exact issue at hand instead of introducing some other possible side effects.

Metadata Update from @jmagne:
- Custom field component adjusted to General (was: Profiles)
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
6 years ago

Metadata Update from @jmagne:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.4.3 (was: 10.4)
6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2640

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
critical
None
None
defect
''
None
None
None
''
RHCust
''
None
None
None
None
''
General
''
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.