[Mono-bugs] [Bug 353514] New: X509Certificate' s ValidFrom and ValidUntil should not be in local time

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Sat Jan 12 14:21:56 EST 2008


           Summary: X509Certificate's ValidFrom and ValidUntil should not be
                    in local time
           Product: Mono: Class Libraries
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Mono.Security
        AssignedTo: spouliot at novell.com
        ReportedBy: gert.driesen at pandora.be
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---

Currently, X509Certificate's ValidFrom and ValidUntil are in local time while
they were intended to be in UTC time (eg. check X509Certificate.IsCurrent).

As a result, some valid certificates are consider expired or not yet valid.

I'm pretty this is caused by a buglet in ASN1Convert.ToDateTime on the 1.0
profile. To parse the date, ParseExact is used with default DateTimeStyles:

        DateTime result = DateTime.ParseExact (t, mask, null);
        if (utc)
                return result;
        return result.ToUniversalTime ();

It appears we assumed that if the input string was in UTC, the result would
remain in UTC and hence no ToUniversalTime is needed.

I think we need to do this:

        DateTimeStyles style = utc ? DateTimeStyles.AdjustToUniversal
                : DateTimeStyles.None;
        DateTime result = DateTime.ParseExact (t, mask, null, style);
        if (utc)
                return result;
        return result.ToUniversalTime ();

This fixes the issue for me, but I haven't yet checked for any regressions this
may cause in System X509Certificate(2).

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list