[ovs-git] Open vSwitch: ovs-pki: Reduce CA certificate validity to 10 years to fix 32-bit OpenSSL. (master)
dev at openvswitch.org
dev at openvswitch.org
Wed May 8 17:29:43 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".
The branch, master has been updated
via d652859bfd3fd81f3db9344ae5760ba756600b97 (commit)
from 557323cd11f0b02c0dc755f65699895df02781de (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d652859bfd3fd81f3db9344ae5760ba756600b97
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=d652859bfd3fd81f3db9344ae5760ba756600b97
Author: Ben Pfaff <blp at nicira.com>
ovs-pki: Reduce CA certificate validity to 10 years to fix 32-bit OpenSSL.
Before I applied this commit, when I generated CA certificate with OpenSSL
0.9.8o on my 32-bit Debian system, I got a certificate that expired
sometime in 1977. This made all SSL-based tests fail with an invalid
certificate.
32-bit time_t only extends to 2038, so this must be a bug in OpenSSL.
This commit works around the problem by reducing the validity period of
certificates to 10 years.
CC: Gurucharan Shetty <gshetty at nicira.com>
Signed-off-by: Ben Pfaff <blp at nicira.com>
-----------------------------------------------------------------------
Summary of changes:
utilities/ovs-pki.in | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
hooks/post-receive
--
Open vSwitch
More information about the git
mailing list