OpenSSL: Use %y instead of %Y in VALID_DATETIME_FMT

Otherwise OpenSSL uses the GENERALIZEDTIME ASN.1 encoding
which results in LibreSSL-based clients rejecting
the certificate because they want the UTCTIME encoding
if the year is before 2050.

Example:

    fk@openbsd ~ $curl https://www.electrobsd.org/
    curl: (60) SSL certificate problem: format error in certificate's notBefore field
    [...]

diff --git a/openssl.c b/openssl.c
index d911aff..4a0e23b 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -55,7 +55,7 @@
 #define CERTIFICATE_AUTHORITY_KEY                "keyid:always"
 #define CERTIFICATE_ALT_NAME_PREFIX              "DNS:"
 #define CERTIFICATE_VERSION                      2
-#define VALID_DATETIME_FMT                       "%Y%m%d%H%M%SZ"
+#define VALID_DATETIME_FMT                       "%y%m%d%H%M%SZ"
 #define VALID_DATETIME_BUFLEN                    16
 
 static int generate_webpage_certificate(struct client_state *csp);