Re: RFC: sign the modules at install time

From: David Howells
Date: Fri Oct 19 2012 - 07:21:51 EST

Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:

> > (Side note: I hope people realize that the random key is generated
> > with a 100-year lifespan. So if you build a kernel today, you do
> > potentially have a "year-2112 problem". I'm not horribly worried, but
> > I *am* a bit worried about 32-bit time_t overflow and I hope 32-bit
> > openssl doesn't do anything odd)
> Yep, David's original patch had that problem; he fixed the kernel's x509
> handling to use struct tm, not time_t, and now it Just Works.

That's assuming that 32-bit *openssl* gets it right when generating the key.
Trying it on my 32-bit laptop, I see:

154:d=3 hl=2 l= 15 prim: GENERALIZEDTIME :21120925112014Z

so I guess it does.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at