Re: Wrong system clock vs X.509 date specifiers

From: Alan Cox
Date: Tue Sep 25 2012 - 11:55:30 EST

Next message: KOSAKI Motohiro: "Re: [PATCH] pagemap: fix wrong KPF_THP on slab pages"
Previous message: Gerd Hoffmann: "Re: USB tree closed for 3.7"
In reply to: Paolo Bonzini: "Re: Wrong system clock vs X.509 date specifiers"
Next in thread: Tomas Mraz: "Re: Wrong system clock vs X.509 date specifiers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 25 Sep 2012 16:35:20 +0100
David Howells <dhowells@xxxxxxxxxx> wrote:

> Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
>
> > Generate a certificate that is valid from a few minutes before the
> > wallclock time. It's a certificate policy question not a kernel hackery
> > one.
>
> That doesn't seem to be possible with openssl req. What would you recommend?

LD_PRELOAD ? or fixing it if GNUTLS certtool can't do the needed. We
shouldn't botch security checks in kernel code to work around crappy
userspace tools.

Alan

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: KOSAKI Motohiro: "Re: [PATCH] pagemap: fix wrong KPF_THP on slab pages"
Previous message: Gerd Hoffmann: "Re: USB tree closed for 3.7"
In reply to: Paolo Bonzini: "Re: Wrong system clock vs X.509 date specifiers"
Next in thread: Tomas Mraz: "Re: Wrong system clock vs X.509 date specifiers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]