From 36bc854c86908ee921225c1d30e35c4d59eed822 Mon Sep 17 00:00:00 2001
From: Andreas Metzler
Date: Mon, 14 Aug 2023 17:27:16 +0100
Subject: [PATCH] GnuTLS: fix autogen cert expiry date. Bug 3014
Broken-by: 48e9099006
---
 doc/ChangeLog | 3 +++
 src/tls-gnu.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -79,10 +79,13 @@ JH/32 Fix "tls_dhparam = none" under Gnu
 a null-indireciton SIGSEGV for the receive process.
 JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}. In 4.96 this would expand to empty.
+JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
+ certificate. Find and fix by Andreas Metzler.
+
 Exim version 4.96
 -----------------
 JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should
--- a/src/tls-gnu.c
+++ b/src/tls-gnu.c
@@ -1001,11 +1001,11 @@ if ((rc = gnutls_x509_privkey_generate(p
 where = US"configuring cert";
 now = 1;
 if ( (rc = gnutls_x509_crt_set_version(cert, 3))
 || (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
 || (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
- || (rc = gnutls_x509_crt_set_expiration_time(cert, (long)2 * 60 * 60)) /* 2 hour */
+ || (rc = gnutls_x509_crt_set_expiration_time(cert, now + (long)2 * 60 * 60)) /* 2 hour */
 || (rc = gnutls_x509_crt_set_key(cert, pkey))
 || (rc = gnutls_x509_crt_set_dn_by_oid(cert, GNUTLS_OID_X520_COUNTRY_NAME, 0, "UK", 2))
 || (rc = gnutls_x509_crt_set_dn_by_oid(cert,
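Review bot: The corrected expiry on the `+` line in src/tls-gnu.c depends on `now` having been reassigned by the `now = time(NULL)` buried in the previous clause's argument, after the same variable was used with value 1 as the serial buffer. That ordering holds only because `||` evaluates left to right, and nothing on the line says the call takes an absolute time rather than a lifetime, which appears to be how the removed form ended up with an expiry two hours after the epoch. I would have the comment carry that, e.g. `/* absolute notAfter: activation time + 2 hours */`, and use a separate variable for the serial so that reordering these clauses cannot silently change the validity window. The `if` chain begins inside the hunk and continues past its last line.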