[Cryptlib] Error: CERTTIME_DATETEST must be > MIN_TIME

Discussion:

[Cryptlib] Error: CERTTIME_DATETEST must be > MIN_TIME_VALUE

Peter Gutmann

2021-03-25 00:33:03 UTC

Jeffrey Walton <***@gmail.com> writes:

>testlib is having an issue at:
>
>Testing CA certificate creation/export...
>Error: CERTTIME_DATETEST must be > MIN_TIME_VALUE.

It looks like you've got a new enough version of gcc on there that
MIN_TIME_VALUE can be evaluated from the current time rather than a static
value, so it's automatically newer than the static CERTTIME_DATETEST. What you
can do at the start of the file, just after CERTTIME_DATETEST is defined, is:

#undef CERTTIME_DATETEST
#define CERTTIME_DATETEST MIN_TIME_VALUE + 1
#endif

Peter.

_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Peter Gutmann

2021-03-26 00:51:22 UTC

Permalink

Jeffrey Walton <***@gmail.com> writes:

>Where does MIN_TIME_VALUE come from?
>
>I see it referenced in test/certs.c, but I don't see it defined anywhere. And
>a search on the web is not turning up useful hits.

It's defined in misc/config.h. Sometimes the test code has to access
cryptlib-internal values for bounds/range checks.

Peter.

_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Jeffrey Walton

2021-03-26 00:59:37 UTC

Permalink

On Thu, Mar 25, 2021 at 8:51 PM Peter Gutmann <***@cs.auckland.ac.nz> wrote:
>
> Jeffrey Walton <***@gmail.com> writes:
>
> >Where does MIN_TIME_VALUE come from?
> >
> >I see it referenced in test/certs.c, but I don't see it defined anywhere. And
> >a search on the web is not turning up useful hits.
>
> It's defined in misc/config.h. Sometimes the test code has to access
> cryptlib-internal values for bounds/range checks.

Ack, thanks.

I think it may be time to cut 3.4.6 loose (assuming it has up-to-date
crypto material). 3.4.5 is having trouble:

********************
Warning: This key has expired. Certificate-related operations will fail or
result in error messages from the test code.
********************
Hit a key...
cryptSignCert() failed with error code -26, line 2035.
Error info attributes report locus 2018, type 5 (CRYPT_ERRTYPE_CONSTRAINT).

Jeff

_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Jeffrey Walton

2021-03-26 00:46:55 UTC

Permalink

On Thu, Mar 25, 2021 at 8:42 PM Jeffrey Walton <***@gmail.com> wrote:
>
> On Wed, Mar 24, 2021 at 8:33 PM Peter Gutmann <***@cs.auckland.ac.nz> wrote:
> >
> > Jeffrey Walton <***@gmail.com> writes:
> >
> > >testlib is having an issue at:
> > >
> > >Testing CA certificate creation/export...
> > >Error: CERTTIME_DATETEST must be > MIN_TIME_VALUE.
> >
> > It looks like you've got a new enough version of gcc on there that
> > MIN_TIME_VALUE can be evaluated from the current time rather than a static
> > value, so it's automatically newer than the static CERTTIME_DATETEST. What you
> > can do at the start of the file, just after CERTTIME_DATETEST is defined, is:
> >
> > #undef CERTTIME_DATETEST
> > #define CERTTIME_DATETEST MIN_TIME_VALUE + 1
> > #endif
>
> Thanks Doc.
>
> Where does MIN_TIME_VALUE come from?
>
> I see it referenced in test/certs.c, but I don't see it defined
> anywhere. And a search on the web is not turning up useful hits.

Cancel... I was searching for the wrong define.

Jeff

_______________________________________________
Cryptlib mailing list
***@mbsks.franken.deAdministration via Mail: cryptlib-***@mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.