[Pki-devel] [pki-devel][PATCH]
Matthew Harmsen
mharmsen at redhat.com
Fri Apr 28 18:35:06 UTC 2017
On 04/26/2017 04:29 PM, John Magne wrote:
> CA in the certificate profiles the startTime parameter is not working as expected.
>
> This simple fix addresses an overflow in the "startTime" paramenter in 4 places in the code. I felt that honing in only on the startTime value was the best way to go. In some of the files other than ValidityDefault.java, there were possibly some values that could be changed from int to long. Due to the complexity of some of the calculations involved in some of those cases, it is best to fix the exact issue at hand instead of introducing some other possible side effects.
>
> Tested with a simple enrollment in the caUserCert profile by setting the startTime constraint to the offending value listed in the ticket/bug. The correct start time 30 days in the future was calculated and made part of the cert.
>
>
> Issue:
>
> https://pagure.io/dogtagpki/issue/2520
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
Tested this out, and agree that limiting this to simply "startTime" was
the right decision.
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20170428/b365ddc7/attachment.htm>
More information about the Pki-devel
mailing list