size_t ret;
struct tm _tm;
- if (gtime == (time_t)-1) {
+ if (gtime == (time_t)-1
+#if SIZEOF_LONG == 8
+ || gtime >= 253402210800
+#endif
+ ) {
snprintf(str_time, str_time_size, "99991231235959Z");
return 0;
}
gtime2generalTime(tim, str_time, sizeof(str_time));
if (result < 0)
return gnutls_assert_val(result);
-
len = strlen(str_time);
result = asn1_write_value(c2, where, str_time, len);
if (result != ASN1_SUCCESS)
template-test.key template-test.pem template-test.tmpl \
funny-spacing.pem ca-certs.pem dane-test.rr cert-ecc256.pem \
bmpstring.pem template-utf8.pem template-utf8.tmpl \
- template-dn.tmpl template-dn.pem complex-cert.pem
+ template-dn.tmpl template-dn.pem complex-cert.pem template-overflow.pem \
+ template-overflow.tmpl template-overflow2.pem template-overflow2.tmpl
dist_check_SCRIPTS = pathlen aki template-test pem-decoding dane
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIID4jCCA0ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDEVMBMGA1UEAxMMQ2lu
+ZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xl
+ZXBpbmcgZGVwdC4xEjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtp
+MQswCQYDVQQGEwJHUjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIhgPMjAwNzA0MjEyMjAwMDBaGA85
+OTk5MTIzMTIzNTk1OVowgbgxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmS
+JomT8ixkAQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRIwEAYD
+VQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxDDAK
+BgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25l
+QG5vbmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4H1MIHyMA8GA1UdEwEB/wQFMAMB
+Af8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jn
+ghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EO
+d2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD
+AwcEADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAj
+oCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQEL
+BQADgYEANzF2BaW62UVjbiJC14JbWKJQfJnw3H2mqL0AyyEb+AfXAU65yf8pQEGl
+FwDs4xeR4vgwzcWD42FMfLXcgdy7OuKzUl0PE63LimKxlY+STWSeMpMbk3mZUmw7
+zNuXr9rgC39FyOCwiH4FvKz3wOWXZeHD5W/TGJ7I8+zfGkZsdjs=
+-----END CERTIFICATE-----
--- /dev/null
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = -1
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIID4jCCA0ugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBuDEVMBMGA1UEAxMMQ2lu
+ZHkgTGF1cGVyMRcwFQYKCZImiZPyLGQBARMHY2xhdXBlcjEXMBUGA1UECxMOc2xl
+ZXBpbmcgZGVwdC4xEjAQBgNVBAoTCUtva28gaW5jLjEPMA0GA1UECBMGQXR0aWtp
+MQswCQYDVQQGEwJHUjEMMAoGA1UEDBMDRHIuMQ8wDQYDVQRBEwZqYWNrYWwxHDAa
+BgkqhkiG9w0BCQEWDW5vbmVAbm9uZS5vcmcwIhgPMjAwNzA0MjEyMjAwMDBaGA8y
+MjgxMDIwMjIyMDAwMFowgbgxFTATBgNVBAMTDENpbmR5IExhdXBlcjEXMBUGCgmS
+JomT8ixkAQETB2NsYXVwZXIxFzAVBgNVBAsTDnNsZWVwaW5nIGRlcHQuMRIwEAYD
+VQQKEwlLb2tvIGluYy4xDzANBgNVBAgTBkF0dGlraTELMAkGA1UEBhMCR1IxDDAK
+BgNVBAwTA0RyLjEPMA0GA1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25l
+QG5vbmUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClxs51Q4S/ZJ4C
+JxPxA1n3eS2S7XwvUKQD8S15uYaLBX46u0Sqr4TPE5geHEo49zMtep9y1GttJrAx
+N3AQ+0Lp2J0YZX4ZSfwFlgRogx53hr/t9eUSOxP+MxicGnodaa9HAmB6H7noz9vI
+NDBRlj2MllwAvGHeCA+xNiF/qQDjBQIDAQABo4H1MIHyMA8GA1UdEwEB/wQFMAMB
+Af8wagYDVR0RBGMwYYIMd3d3Lm5vbmUub3JnghN3d3cubW9yZXRoYW5vbmUub3Jn
+ghd3d3cuZXZlbm1vcmV0aGFub25lLm9yZ4cEwKgBAYENbm9uZUBub25lLm9yZ4EO
+d2hlcmVAbm9uZS5vcmcwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYDVR0PAQH/BAUD
+AwcEADAdBgNVHQ4EFgQUXUCt8M6UQJWLfpmUHZJUIspyNl8wLgYDVR0fBCcwJTAj
+oCGgH4YdaHR0cDovL3d3dy5nZXRjcmwuY3JsL2dldGNybC8wDQYJKoZIhvcNAQEL
+BQADgYEAg4t65f+BhMcWvHKO0K0taJ527ljQSiKPfjof5QSuSDoJJlyDNJKl5aZq
+21u+uiOJJBRB6xg5chDHuUtWjfSr/18JMrcETzCJYbKf4219BjcJvMEx+e57/nsn
+PvSrbnt4MoudDr1QVVFIsIcT2G2UB5aLU72THljcROuJ6pLZV3w=
+-----END CERTIFICATE-----
--- /dev/null
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+dn_oid = 2.5.4.12 Dr.
+dn_oid = 2.5.4.65 jackal
+
+# This is deprecated and should not be used in new
+# certificates.
+pkcs9_email = "none@none.org"
+
+# The serial number of the certificate
+serial = 7
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 99999
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+dns_name = "www.none.org"
+dns_name = "www.morethanone.org"
+
+# An IP address in case of a server.
+ip_address = "192.168.1.1"
+
+dns_name = "www.evenmorethanone.org"
+
+# An email in case of a person
+email = "none@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+email = "where@none.org"
+
+# Whether this is a CA certificate or not
+ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is preferred to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+
+# Whether this key will be used for IPsec IKE operations.
+#ipsec_ike_key
--template $srcdir/template-test.tmpl \
--outfile tmp-tt.pem 2>/dev/null
-diff $srcdir/template-test.pem tmp-tt.pem
+diff $srcdir/template-test.pem tmp-tt.pem >/dev/null 2>&1
rc=$?
counter=`expr $counter + 1`
done
--template $srcdir/template-utf8.tmpl \
--outfile tmp-tt.pem 2>/dev/null
-diff $srcdir/template-utf8.pem tmp-tt.pem
+diff $srcdir/template-utf8.pem tmp-tt.pem >/dev/null 2>&1
rc=$?
counter=`expr $counter + 1`
done
--template $srcdir/template-dn.tmpl \
--outfile tmp-tt.pem 2>/dev/null
-diff $srcdir/template-dn.pem tmp-tt.pem
+diff $srcdir/template-dn.pem tmp-tt.pem >/dev/null 2>&1
rc=$?
counter=`expr $counter + 1`
done
rm -f tmp-tt.pem
+rc=1
+counter=1
+
+while [ "$rc" != "0" -a $counter -le 3 ]
+do
+datefudge "2007-04-22" \
+ $CERTTOOL --generate-self-signed \
+ --load-privkey $srcdir/template-test.key \
+ --template $srcdir/template-overflow.tmpl \
+ --outfile tmp-tt.pem 2>/dev/null
+
+diff $srcdir/template-overflow.pem tmp-tt.pem >/dev/null 2>&1
+rc=$?
+counter=`expr $counter + 1`
+done
+
+# We're done.
+if test "$rc" != "0"; then
+ echo "Test 4 (overflow1) failed"
+ exit $rc
+fi
+
+rm -f tmp-tt.pem
+
+rc=1
+counter=1
+
+while [ "$rc" != "0" -a $counter -le 3 ]
+do
+datefudge "2007-04-22" \
+ $CERTTOOL --generate-self-signed \
+ --load-privkey $srcdir/template-test.key \
+ --template $srcdir/template-overflow2.tmpl \
+ --outfile tmp-tt.pem 2>/dev/null
+
+diff $srcdir/template-overflow2.pem tmp-tt.pem >/dev/null 2>&1
+rc=$?
+counter=`expr $counter + 1`
+done
+
+# We're done.
+if test "$rc" != "0"; then
+ echo "Test 5 (overflow2) failed"
+ exit $rc
+fi
+
+rm -f tmp-tt.pem
exit 0