753e3b7ae3 (master): [ruby/openssl] asn1: align UTCTime year range with RFC 5280
1 view
Skip to first unread message
Kazuki Yamaguchi
Jul 12, 2025, 9:25:36 AMJul 12
to ruby...@ruby-lang.org
Kazuki Yamaguchi 2025-02-27 11:18:43 +0000 (Thu, 27 Feb 2025)
New Revision: 753e3b7ae3
https://github.com/ruby/ruby/commit/753e3b7ae3
Log:
[ruby/openssl] asn1: align UTCTime year range with RFC 5280
ASN.1 UTCTime uses two-digit years. While X.680 does not specify how to
map them as far as I can tell, X.509/PKIX uses this type to represent
dates between year 1950-2049.
OpenSSL::ASN1.decode has used 1969-2068 since the initial
implementation. Given that ASN1::UTCTime#to_der relies on OpenSSL
ASN1_UTCTIME type, which assumes the 1950-2049 range, this was likely
unintentional.
Use the range 1950-2049 consistently, and fix decoding of X.509
certificates with dates in 1950-1968.
https://github.com/ruby/openssl/commit/b8b38e1438
Modified files:
ext/openssl/ossl_asn1.c
test/openssl/test_asn1.rb
New Revision: 753e3b7ae3
https://github.com/ruby/ruby/commit/753e3b7ae3
Log:
[ruby/openssl] asn1: align UTCTime year range with RFC 5280
ASN.1 UTCTime uses two-digit years. While X.680 does not specify how to
map them as far as I can tell, X.509/PKIX uses this type to represent
dates between year 1950-2049.
OpenSSL::ASN1.decode has used 1969-2068 since the initial
implementation. Given that ASN1::UTCTime#to_der relies on OpenSSL
ASN1_UTCTIME type, which assumes the 1950-2049 range, this was likely
unintentional.
Use the range 1950-2049 consistently, and fix decoding of X.509
certificates with dates in 1950-1968.
https://github.com/ruby/openssl/commit/b8b38e1438
Modified files:
ext/openssl/ossl_asn1.c
test/openssl/test_asn1.rb
Reply all
Reply to author
Forward
0 new messages