Re: RFC: sign the modules at install time
From: David Howells
Date: Fri Oct 19 2012 - 07:21:51 EST
Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:
> > (Side note: I hope people realize that the random key is generated
> > with a 100-year lifespan. So if you build a kernel today, you do
> > potentially have a "year-2112 problem". I'm not horribly worried, but
> > I *am* a bit worried about 32-bit time_t overflow and I hope 32-bit
> > openssl doesn't do anything odd)
> Yep, David's original patch had that problem; he fixed the kernel's x509
> handling to use struct tm, not time_t, and now it Just Works.
That's assuming that 32-bit *openssl* gets it right when generating the key.
Trying it on my 32-bit laptop, I see:
154:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :21120925112014Z
so I guess it does.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/