Closed Bug 473169 Opened 16 years ago Closed 16 years ago

Crlutil ignores time zone when setting revocation time.

Categories

(NSS :: Tools, defect)


Tracking

(Not tracked)

RESOLVED INVALID
3.12.3

People

(Reporter: slavomir.katuscak+mozilla, Assigned: alvolkov.bgs)

Details

Scenario:
1. Revoke certificate using crlutil (set current date/time as revocation time).
2. Try to verify certificate chain using vfychain.

Situation in Prague (GMT+1):
- certificate not revoked, will take effect in 8 hours
- when I set the revocation time to current date -1 hour or more, then it is revoked.

Situation in Santa Clara (GMT-8):
- certificate revoked
- also certificate with revocation time up to +8 hours is revoked. 

Looking at the crlutil details (crlutil -d testdb -L -n CA) doesn't show any information about the time zone; it just sets the time as given in the input, ignoring the local time zone. In my opinion, the correct way would be to convert the time from the input to GMT, or at least force the user to set the revocation time in GMT.

Vfychain seems to be doing the reverse time conversion; that's why a freshly revoked certificate seems not to be revoked, because after conversion the revocation time is in the future.

As the crlutil doc explains, the input date for thisUpdate and nextUpdate should be in GMT, not the local time zone. So, the time that is passed to crlutil should be adjusted.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → INVALID
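
The adjustment described in the resolution, as an added example that is not part of the original bug report or of NSS. It assumes dates are written in the YYYYMMDDhhmmssZ GeneralizedTime form and models the verifier as a plain comparison against GMT; the function names and the sample instant are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

GT_FORMAT = "%Y%m%d%H%M%SZ"  # GeneralizedTime with trailing Z, e.g. 20090112093000Z


def to_gmt_stamp(wall_clock, utc_offset_hours):
    """Correct: interpret naive local wall-clock time in its zone, emit GMT."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    return wall_clock.replace(tzinfo=zone).astimezone(timezone.utc).strftime(GT_FORMAT)


def local_digits_stamp(wall_clock):
    """The mistake from the report: local digits passed through as if GMT."""
    return wall_clock.strftime(GT_FORMAT)


def is_revoked(stamp, now_utc):
    """Assumed verifier model: revoked once the GMT revocation time has passed."""
    revoked_at = datetime.strptime(stamp, GT_FORMAT).replace(tzinfo=timezone.utc)
    return revoked_at <= now_utc


def scenario(now_utc, utc_offset_hours):
    """Return (wrong_stamp, revoked?, right_stamp, revoked?) for 'revoke now'."""
    wall = (now_utc + timedelta(hours=utc_offset_hours)).replace(tzinfo=None)
    wrong, right = local_digits_stamp(wall), to_gmt_stamp(wall, utc_offset_hours)
    return wrong, is_revoked(wrong, now_utc), right, is_revoked(right, now_utc)


# Constructed instant; the offsets are the two sites named in the report.
NOW = datetime(2009, 1, 12, 9, 30, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for site, offset in (("Prague", 1), ("Santa Clara", -8)):
        print(site, scenario(NOW, offset))
```

East of GMT the unadjusted stamp lands in the future, so the revocation is not yet effective; west of GMT it lands in the past, so even a revocation time set a few hours ahead on the local clock already counts as revoked.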