Google Git
Sign in
android / platform / external / python / cryptography / 767fa8511caade795457b23ea9d3d85af1ed12bb
commit767fa8511caade795457b23ea9d3d85af1ed12bb[log] [tgz]
authorPaul Kehrer <paul.l.kehrer@gmail.com>Mon Jan 21 22:36:25 2019 -0600
committerAlex Gaynor <alex.gaynor@gmail.com>Mon Jan 21 23:36:25 2019 -0500
tree917394e703ca72b35c82b2c9b06e1db22c0363a5
parent5b3e735253d4cc1c7f51dedc11c9ca5eeb6f451f [diff]
allow 32-bit platforms to encode certs with dates > unix epoch (#4727)

Previously we used unix timestamps, but now we are switching to using
ASN1_TIME_set_string and automatically formatting the string based on
the year. The rule is as follows:

Per RFC 5280 (section 4.1.2.5.), the valid input time
strings should be encoded with the following rules:

1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ

Notably, Dates < 1950 are not valid UTCTime. At the moment we still
reject dates < Jan 1, 1970 in all cases but a followup PR can fix
that.
2 files changed
tree: 917394e703ca72b35c82b2c9b06e1db22c0363a5
  1. .github/
  2. .jenkins/
  3. .travis/
  4. docs/
  5. src/
  6. tests/
  7. vectors/
  8. .coveragerc
  9. .gitignore
  10. .travis.yml
  11. AUTHORS.rst
  12. CHANGELOG.rst
  13. codecov.yml
  14. CONTRIBUTING.rst
  15. dev-requirements.txt
  16. Jenkinsfile
  17. LICENSE
  18. LICENSE.APACHE
  19. LICENSE.BSD
  20. LICENSE.PSF
  21. MANIFEST.in
  22. pyproject.toml
  23. README.rst
  24. release.py
  25. rtd-requirements.txt
  26. setup.py
  27. tox.ini