Project

General

Profile

Bug #5885

32 bit ruby 1.8 cannot load times from SSL certificates past 2038

Added by drbrain (Eric Hodel) over 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Target version:
-
ruby -v:
ruby 1.8.7 (2010-08-16 patchlevel 302) [i386-freebsd8]
[ruby-core:42070]

Description

=begin
Since dates past 2038 don't fit in a 32 bit (({time_t})), ruby 1.8's OpenSSL extension cannot load them:

$ cat t.rb
require 'openssl'

cert = OpenSSL::X509::Certificate.new <<-CERT
-----BEGIN CERTIFICATE-----
MIIBRDCB76ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMCoxDzANBgNVBAMMBm5vYm9k
eTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUwIBcNMTIwMTExMjE0NDA3WhgPOTk5
OTEyMzEyMzU5NTlaMCoxDzANBgNVBAMMBm5vYm9keTEXMBUGCgmSJomT8ixkARkW
B2V4YW1wbGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAscoEP176asKdDtezZ90S
HFr7Sak5uOUrt0vqGg0XX3RqgvBDrHCIIAxPtY9Wzj9dbzU2yyrZGQcaJYbEhecy
WwIDAQABMA0GCSqGSIb3DQEBBQUAA0EAprOCme4eJvWQj3+uZnHsokg/12x9zjHI
Vy1Sxd0QqVqgipzGEHv0SFWAyX0VCZsQyNCCLYDndAI0+q/8dZr+Tw==
-----END CERTIFICATE-----
CERT

p cert.not_before
p cert.not_after

$ ruby -v t.rb
ruby 1.8.7 (2010-08-16 patchlevel 302) [i386-freebsd8]
Wed Jan 11 21:44:07 UTC 2012
t.rb:16:in utc': time out of range (ArgumentError)
from t.rb:16:in
not_after'
from t.rb:16

I've tracked this down to (({ossl_asn1time_to_time()})) in ext/openssl/ossl_asn1.c calling (({Time.utc})):

return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);

The certificate is valid:

$ openssl x509 -in t.rb -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=nobody, DC=example
Validity
Not Before: Jan 11 21:44:07 2012 GMT
Not After : Dec 31 23:59:59 9999 GMT
Subject: CN=nobody, DC=example
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:b1:ca:04:3f:5e:fa:6a:c2:9d:0e:d7:b3:67:dd:
12:1c:5a:fb:49:a9:39:b8:e5:2b:b7:4b:ea:1a:0d:
17:5f:74:6a:82:f0:43:ac:70:88:20:0c:4f:b5:8f:
56:ce:3f:5d:6f:35:36:cb:2a:d9:19:07:1a:25:86:
c4:85:e7:32:5b
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
a6:b3:82:99:ee:1e:26:f5:90:8f:7f:ae:66:71:ec:a2:48:3f:
d7:6c:7d:ce:31:c8:57:2d:52:c5:dd:10:a9:5a:a0:8a:9c:c6:
10:7b:f4:48:55:80:c9:7d:15:09:9b:10:c8:d0:82:2d:80:e7:
74:02:34:fa:af:fc:75:9a:fe:4f

Note that ruby 1.9 on a 32 bit platform doesn't have this problem since Time always has a 64 bit range:

$ ruby19 -v t.rb
ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-freebsd8]
2012-01-11 21:44:07 UTC
9999-12-31 23:59:59 UTC
=end

History

Updated by MartinBosslet (Martin Bosslet) about 7 years ago

  • Status changed from Open to Assigned

Eric, can we close this? The only way to fix this that I see would be to move towards using DateTime internally, but I assume that's too much trouble?

Updated by nobu (Nobuyoshi Nakada) about 7 years ago

  • Description updated (diff)

=begin
: drbrain (Eric Hodel) wrote:
Note that ruby 1.9 on a 32 bit platform doesn't have this problem since Time always has a 64 bit range:

It is arbitrary bit range, not a 64 bit range.
=end

Updated by drbrain (Eric Hodel) about 7 years ago

Since ruby 1.8.7 is entering EOL I think it's ok to close this as wontfix.

Updated by MartinBosslet (Martin Bosslet) about 7 years ago

  • Status changed from Assigned to Closed

OK, thanks Eric, I'll close it then!

Also available in: Atom PDF