From: Fabian Keil Date: Wed, 23 Sep 2020 12:26:56 +0000 (+0200) Subject: OpenSSL: Use %y instead of %Y in VALID_DATETIME_FMT X-Git-Tag: v_3_0_29~88 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/-%22http:/sourceforge.net/static/gitweb.js?a=commitdiff_plain;h=aff9f77a4df808dadc3c871c170712d8bd1584e6;p=privoxy.git OpenSSL: Use %y instead of %Y in VALID_DATETIME_FMT Otherwise OpenSSL uses the GENERALIZEDTIME ASN.1 encoding which results in LibreSSL-based clients rejecting the certificate because they want the UTCTIME encoding if the year is before 2050. Example: fk@openbsd ~ $curl https://www.electrobsd.org/ curl: (60) SSL certificate problem: format error in certificate's notBefore field [...] --- diff --git a/openssl.c b/openssl.c index d911aff9..4a0e23b3 100644 --- a/openssl.c +++ b/openssl.c @@ -55,7 +55,7 @@ #define CERTIFICATE_AUTHORITY_KEY "keyid:always" #define CERTIFICATE_ALT_NAME_PREFIX "DNS:" #define CERTIFICATE_VERSION 2 -#define VALID_DATETIME_FMT "%Y%m%d%H%M%SZ" +#define VALID_DATETIME_FMT "%y%m%d%H%M%SZ" #define VALID_DATETIME_BUFLEN 16 static int generate_webpage_certificate(struct client_state *csp);
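Review bot: The changed `#define VALID_DATETIME_FMT "%y%m%d%H%M%SZ"` carries no comment explaining why the two-digit year is required, so the reason exists only in the commit message and a later cleanup could easily "fix" it back to `%Y`. A short comment above the define would help, saying that `%y` yields the UTCTIME encoding that LibreSSL-based clients require for years before 2050. The comment should also record the limit the commit message implies: a two-digit year cannot represent a validity date in 2050 or later (RFC 5280 requires GENERALIZEDTIME from 2050 on, and UTCTIME years below 50 are read as 20YY), so the code that applies this format needs to keep notBefore and notAfter below that year or switch formats there. `VALID_DATETIME_BUFLEN` stays at 16, which still holds the now 13-character string plus its terminator, so the unchanged context line is fine as it is.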