levicki
newbie
Topic Author
Posts: 30
Joined: Mon Apr 30, 2018 12:22 pm
Location: Belgrade, Serbia

[BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Fri Apr 30, 2021 4:58 pm

The imported certificate's Days Valid field is displaying the wrong value -- it is showing 6090 days for a certificate which has 36524 days validity (100 years).

The reason for this seems to be the date handling in the OS caused by using 32-bit Unix time_t structure (a.k.a. the Year 2038 Problem) -- the Invalid After field for the certificate in question is showing Jan/01/2038 12:47:58 when it should be showing Apr/30/2121 12:47:58.

The easiest solution is to upgrade to Linux kernel 5.6 and glibc-2.32 or higher where 32-bit apps can use 64-bit time_t just by recompiling. Additional details about full userspace support for 64-bit time_t and other ways of handling this if you are using syscalls directly are available here.

Note that your use of 32-bit time_t is certainly affecting other functions as well, not just certificate validity checks.
 
Cablenut9
Long time Member
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Fri Apr 30, 2021 5:08 pm

Switch to 7.1beta5 and enjoy that 64 bit time.
 
levicki
newbie
Topic Author
Posts: 30
Joined: Mon Apr 30, 2018 12:22 pm
Location: Belgrade, Serbia

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Fri Apr 30, 2021 5:11 pm

Let me also add that for a certificate created today with 3652 days it is showing Days Valid as 3652, but it shows Expires After as 3636 days, so there seems to be more wrong than just 32-bit cutoff. I found a discussion about that here and after reading it I still don't understand where this error is coming from (RouterOS or WinBox). Regardless, it should be fixed.
 
levicki
newbie
Topic Author
Posts: 30
Joined: Mon Apr 30, 2018 12:22 pm
Location: Belgrade, Serbia

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Fri Apr 30, 2021 5:12 pm

> Switch to 7.1beta5 and enjoy that 64 bit time.
Are you seriously suggesting to use beta software in production environment?!? o.0
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Fri Apr 30, 2021 5:26 pm

Oh, in production you don't use certificates valid for 100 years.
Problem solved.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Fri Apr 30, 2021 6:25 pm

> Oh, in production you don't use certificates valid for 100 years.
> Problem solved.
+1000
 
Uxorious
just joined
Posts: 7
Joined: Sat Mar 28, 2020 10:48 pm

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Sun Nov 27, 2022 10:11 am

There appears to still be some problems with this.
As a test I created a certificate (on a PC) with an expiration set to the max allowed by the RFC (99991231235959Z).
This shows as much much less than year 9999.
 
mkx
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Sun Nov 27, 2022 11:35 am

> There appears to still be some problems with this.

I drove my family sedan on German Autobahn on section without speed limit and I wanted to go 1500 kph. Even if I pushed pedal to the metal, it wouldn't go faster than 190 kph. And yet speedometer goes up to 240 kph. There's definitely a problem with this.


The whole world is moving towards short-lived SSL certificates (LetsEncrypt hands out certificates with validity of 90 days since the very beginning, all the rest are now on sub-year periods), and yet you're complaining that validity of 7977 years doesn't work correctly? Get serious, will you? Even if you install a certificate with validity in 2038, you'll very probably have other problems with your device ... sooner. The way things are moving, RSA keys (and possibly current ED keys as well) will be obsolete before 2038 and you'll have to install another certificate because of that.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Sun Nov 27, 2022 5:47 pm

It's not just long validity. I need only one month, but since it's for my little time travelling project (sorry, can't say more, top secret), it needs to be in 9999. But even the latest RouterOS 7.7beta8 doesn't like it, doesn't show any dates and expiration shows ~19k days and counting up. This clearly needs to be fixed, before "RouterOS, not ready for the future" becomes the new motto. ;)

But seriously, it should be fixed if RFC allows it, even if it's not pressing matter.
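
Added example (not from the thread, and not RouterOS code): a C check that converts a certificate's notAfter in GeneralizedTime form to 64-bit epoch seconds without touching time_t, then reports the days of validity and whether the value fits a signed 32-bit time_t. The dates are the ones quoted in the posts above; the issue time 20210430124758Z is an assumption inferred from the first post, and all function names are hypothetical.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01 for a Gregorian date, in pure 64-bit integer math,
   so the result does not depend on the width of the platform's time_t. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse X.509 GeneralizedTime "YYYYMMDDHHMMSSZ" into 64-bit epoch seconds.
   Returns 0 on success, -1 on malformed input (field ranges checked coarsely). */
int parse_generalized_time(const char *s, int64_t *out) {
    int v[6] = {0}, pos = 0;
    static const int width[6] = {4, 2, 2, 2, 2, 2};
    if (strlen(s) != 15 || s[14] != 'Z') return -1;
    for (int f = 0; f < 6; f++)
        for (int i = 0; i < width[f]; i++, pos++) {
            if (!isdigit((unsigned char)s[pos])) return -1;
            v[f] = v[f] * 10 + (s[pos] - '0');
        }
    if (v[1] < 1 || v[1] > 12 || v[2] < 1 || v[2] > 31 ||
        v[3] > 23 || v[4] > 59 || v[5] > 59) return -1;
    *out = days_from_civil(v[0], v[1], v[2]) * 86400 + v[3] * 3600 + v[4] * 60 + v[5];
    return 0;
}

/* Whole days between two epoch values (what a "Days Valid" field reports). */
int64_t days_between(int64_t from, int64_t to) { return (to - from) / 86400; }
/* True if the value survives storage in a signed 32-bit time_t. */
int fits_time32(int64_t t) { return t >= INT32_MIN && t <= INT32_MAX; }

int main(void) {
    /* Dates quoted in the thread; the issue time is an assumption. */
    const char *issued = "20210430124758Z";
    const char *not_after[] = {"21210430124758Z", "20380101124758Z", "99991231235959Z"};
    int64_t t0, t;
    if (parse_generalized_time(issued, &t0)) return 1;
    for (int i = 0; i < 3; i++) {
        if (parse_generalized_time(not_after[i], &t)) return 1;
        printf("%s epoch=%lld days=%lld fits32=%d\n", not_after[i],
               (long long)t, (long long)days_between(t0, t), fits_time32(t));
    }
    return 0;
}
```

For the thread's dates this gives 36524 days for the 2121 expiry and 6090 days for the displayed 2038 one, and only the latter fits in 32 bits.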
