On Sat, Sep 29, 2012 at 08:13:25AM +0100, David Howells wrote: > Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote: > > > [ 2.808075] Loading module verification certificates > > [ 2.809331] X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has expired > > [ 2.810500] MODSIGN: Problem loading in-kernel X.509 certificate (-127) > > Hmmm... Other people have seen that. > > Ahhhhh! > > I wonder if the problem is that the certificate is valid for 100 years.... > That might well cause an overflow on a 32-bit system. That does seem quite plausible. The comparisons are done with time_t, which boils down to 'long' and 100 years in seconds would overflow LONG_MAX. > Could you try changing the '36500' in kernel/Makefile to something shorter, > like 365? I tried two values today. One close to LONG_MAX (24800 or ~68 years), and 10 years (3650). The former still seemed to overflow, but specifying a 10yr lifetime appears to have worked. josh -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
