CA in the certificate profiles the startTime parameter is not working as expected. This simple fix addresses an overflow in the "startTime" paramenter in 4 places in the code. I felt that honing in only on the startTime value was the best way to go. In some of the files other than ValidityDefault.java, there were possibly some values that could be changed from int to long. Due to the complexity of some of the calculations involved in some of those cases, it is best to fix the exact issue at hand instead of introducing some other possible side effects. Tested with a simple enrollment in the caUserCert profile by setting the startTime constraint to the offending value listed in the ticket/bug. The correct start time 30 days in the future was calculated and made part of the cert. Issue: https://pagure.io/dogtagpki/issue/2520
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
Tested this out, and agree that limiting this to simply "startTime" was the right decision.
ACK