[botan-devel] Sanity check currently ends on year 2100

Ondrej Spanel ondrej at bistudio.com
Thu Apr 5 05:54:32 EDT 2012


Hello,

the function X509_Time::passes_sanity_check currently considers all 
dates after 2100 to be "insane". The date seems quite close to me, and 
actually there already exist certificates which have expiry set to over 
2100. One example are local self signed file encryption certificates of 
Microsoft Windows file system, which are issued to expire after 100 
years, i.e. a certificate you will get if you install a new user account 
today will have the expire date in 2112.

I would suggest to increase this limit to some value which is not only 
unlikely, but really insane, like 100000. If you disagree with such 
change, please, at least increase the limit to 2200 to make sure the 
certificates mentioned can pass sanity check.

Best regards
Ondrej



More information about the botan-devel mailing list