Besides not handling >32-bit dates, it appears that the certificate parsing aborts when it finds them.
I could live with no dates, but stopping the parse makes the module useless for modern certificates.
I understand that dates >2038 won't fit in a time_t, but Perl can certainly return a 64-bit value - or even a bignum. Clearly major issuers and tools (StartSSL and OpenSSL for sure) have settled on a working definition of generalTime.
This issue has been open for 3 years - is the module being maintained?
Attached cert produces (in the debugger):
x $c = Crypt::X509->new( cert => slurpFile( '../test-ca/NetworkCA/ca_cert.cer' ) )
x $c->Subject
0 ARRAY(0xaa6fe9c)
empty array
x $c->error
0 'Day too big - 31045 > 24853
Cannot handle date (00, 00, 00, 31, 11, 2054) at /usr/lib/perl5/site_perl/5.8.8/Convert/ASN1/_decode.pm line 588.
'
x $c
0 Crypt::X509=HASH(0xaa52aa8)
'_error' => 'Day too big - 31045 > 24853
Cannot handle date (00, 00, 00, 31, 11, 2054) at /usr/lib/perl5/site_perl/5.8.8/Convert/ASN1/_decode.pm line 588.
'
'tbsCertificate' => HASH(0xaa6fea8)
'subject' => HASH(0xacec9d8)
'dn' => ARRAY(0xaa6fe9c)
empty array
OpenSSL has no problem with the certificate; I've attached the text output.
Not After : Dec 31 00:00:00 2054 GMT
(The sample certificate cannot be validated on the public network as the CRL & OCSP servers aren't visible.)
This is with Perl 5.8.8, i686, Crypt::X509 version 0.51 (latest release).
I'd appreciate any help.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:9f:68:f2:1f:30:aa:5f:ed:ad:23:5a:a2:a6:f3:b6
Signature Algorithm: sha512WithRSAEncryption
Issuer: O=litts.net, OU=Network Administration, CN=litts.net Primary CA
Validity
Not Before: Jan 2 22:12:12 2016 GMT
Not After : Dec 31 00:00:00 2054 GMT
Subject: O=litts.net, OU=Network Administration, CN=litts.net Network CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Issuer Alternative Name:
email:security@litts.net
X509v3 Subject Alternative Name:
email:security@litts.net
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
25:27:76:E6:7E:92:A3:36:FB:89:CA:EA:53:EC:B9:AA:C7:59:B2:3B
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
OCSP - URI:
http://security2.litts.net:2560/ocsp/root
CA Issuers - URI:
http://security.litts.net/ca/68edd9aa5e247f89661b83c4c43ef278.cer
OCSP - URI:
http://security1.litts.net:2560/ocsp/root
X509v3 CRL Distribution Points:
Full Name:
URI:
http://security1.litts.net/crl/root.crl
Full Name:
URI:
http://security2.litts.net/crl/root.crl
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.25043.1.1.1.1
CPS:
http://security.litts.net/certpolicy.pdf
X509v3 Authority Key Identifier:
keyid:F1:B6:16:35:A9:D7:43:21:F1:F7:3B:A5:7E:4F:CC:6B:D9:B3:24:21
Signature Algorithm: sha512WithRSAEncryption
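The failure reported above comes from converting notAfter through a 32-bit time value. As an added example (not part of the original report, and not code from Crypt::X509 or Convert::ASN1), this sketch decodes a Validity SEQUENCE to epoch seconds with plain arithmetic, so a 2054 GeneralizedTime parses on a 32-bit Perl. The function names are hypothetical; it assumes short-form DER lengths and the RFC 5280 time forms with seconds and a trailing Z.

```perl
use strict;
use warnings;

# Days since 1970-01-01 (proleptic Gregorian); no time_t or Time::Local involved.
sub days_from_civil {
    my ($y, $m, $d) = @_;
    $y-- if $m <= 2;
    my $era = int(($y >= 0 ? $y : $y - 399) / 400);
    my $yoe = $y - $era * 400;
    my $doy = int((153 * ($m > 2 ? $m - 3 : $m + 9) + 2) / 5) + $d - 1;
    return $era * 146097 + $yoe * 365 + int($yoe / 4) - int($yoe / 100) + $doy - 719468;
}

# UTCTime: tag 0x17, YYMMDDHHMMSSZ (YY >= 50 is 19YY). GeneralizedTime: tag 0x18, YYYYMMDDHHMMSSZ.
sub time_to_epoch {
    my ($tag, $s) = @_;
    my @f;
    if ($tag == 0x17 && $s =~ /\A(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\z/) {
        @f = (($1 < 50 ? 2000 : 1900) + $1, $2, $3, $4, $5, $6);
    } elsif ($tag == 0x18 && $s =~ /\A(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z\z/) {
        @f = ($1, $2, $3, $4, $5, $6);
    } else {
        die sprintf "unsupported time encoding (tag 0x%02x)\n", $tag;
    }
    return days_from_civil(@f[0 .. 2]) * 86400 + $f[3] * 3600 + $f[4] * 60 + $f[5];
}

# Walk a Validity SEQUENCE whose lengths are all short-form (< 128 bytes).
sub validity_to_epochs {
    my ($der) = @_;
    my ($tag, $len) = unpack 'CC', $der;
    die "not a short-form SEQUENCE\n"
        unless defined $len && $tag == 0x30 && $len < 0x80 && length($der) == $len + 2;
    my ($pos, @epochs) = (2);
    while ($pos < length $der) {
        my ($t, $l) = unpack 'CC', substr($der, $pos, 2);
        die "truncated element\n"
            unless defined $l && $l < 0x80 && $pos + 2 + $l <= length $der;
        push @epochs, time_to_epoch($t, substr($der, $pos + 2, $l));
        $pos += 2 + $l;
    }
    die "expected notBefore and notAfter\n" unless @epochs == 2;
    return @epochs;
}

# Constructed sample: Validity bytes encoding the two dates shown in the report.
my $validity = "\x30\x20" . "\x17\x0d" . "160102221212Z" . "\x18\x0f" . "20541231000000Z";
# %.0f rather than %d, so the value prints correctly where Perl integers are 32-bit.
printf "notBefore=%.0f notAfter=%.0f\n", validity_to_epochs($validity);
```

For the notAfter date the day count is 31045, the figure in the reported error; multiplied by 86400 it no longer fits a signed 32-bit time value.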