[botan-devel] Sanity check currently ends on year 2100

Ondrej Spanel ondrej at bistudio.com
Thu Apr 5 05:49:39 EDT 2012


Hello,

the function X509_Time::passes_sanity_check currently considers all 
dates after 2100 to be "insane". The date seems quite close to me, and 
actually there exists plenty of certificates already which have expiry 
set to over 2100. One example are local self signed file encryption 
certificates of Microsoft Windows file system, which are issued to 
expire after 100 years, i.e. a certificate you will get if you install a 
new user account today will have the Nexpire in 2112.

I would suggest to increase this limit to some value which is not only 
unlikely, but really insane, like 100000. If you disagree with such 
change, please, at least increase the limit to 2200 to make sure the 
certificates mentioned can pass sanity check.

Best regards
Ondrej



More information about the botan-devel mailing list