[ovs-git] Open vSwitch: ovs-pki: Reduce CA certificate validity to 10 years to fix 32-bit OpenSSL. (branch-1.11)

dev at openvswitch.org dev at openvswitch.org
Wed May 8 17:30:10 UTC 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".

The branch, branch-1.11 has been updated
       via  7e3a6167d7d268d5681489d66fc39c8af679e039 (commit)
      from  b8dddc27796ce9256d3b5ddb1aa2b5f910f543e0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 7e3a6167d7d268d5681489d66fc39c8af679e039
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=7e3a6167d7d268d5681489d66fc39c8af679e039
Author: Ben Pfaff <blp at nicira.com>
		
ovs-pki: Reduce CA certificate validity to 10 years to fix 32-bit OpenSSL.
		
Before I applied this commit, when I generated CA certificate with OpenSSL
0.9.8o on my 32-bit Debian system, I got a certificate that expired
sometime in 1977.  This made all SSL-based tests fail with an invalid
certificate.

32-bit time_t only extends to 2038, so this must be a bug in OpenSSL.
This commit works around the problem by reducing the validity period of
certificates to 10 years.

CC: Gurucharan Shetty <gshetty at nicira.com>
Signed-off-by: Ben Pfaff <blp at nicira.com>


-----------------------------------------------------------------------

Summary of changes:
 utilities/ovs-pki.in |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
Open vSwitch



More information about the git mailing list