[botan-devel] Sanity check currently ends on year 2100
ondrej at bistudio.com
Thu Apr 5 05:54:32 EDT 2012
the function X509_Time::passes_sanity_check currently considers all
dates after 2100 to be "insane". The date seems quite close to me, and
actually there already exist certificates which have expiry set to over
2100. One example are local self signed file encryption certificates of
Microsoft Windows file system, which are issued to expire after 100
years, i.e. a certificate you will get if you install a new user account
today will have the expire date in 2112.
I would suggest to increase this limit to some value which is not only
unlikely, but really insane, like 100000. If you disagree with such
change, please, at least increase the limit to 2200 to make sure the
certificates mentioned can pass sanity check.
More information about the botan-devel