* Re: [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure
@ 2019-08-30 15:25 David Howells
2019-08-30 15:54 ` David Howells
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: David Howells @ 2019-08-30 15:25 UTC (permalink / raw)
To: keyrings
Yihao Wu <wuyihao@linux.alibaba.com> wrote:
> Signed-off-by: Yihao Wu <wuyihao@xxxxxxxxxxxxxxxxx>
xxxxxxxxxxxxxxxxx? Can I substitute your actual domain name for that?
David
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure
2019-08-30 15:25 [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure David Howells
@ 2019-08-30 15:54 ` David Howells
2019-08-31 3:20 ` Jia Zhang
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: David Howells @ 2019-08-30 15:54 UTC (permalink / raw)
To: keyrings
Yihao Wu <wuyihao@linux.alibaba.com> wrote:
> + prep->expiry = cert->valid_to;
Note that this patch has whitespace breakage, but I can fix that up by hand.
David
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure
2019-08-30 15:25 [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure David Howells
2019-08-30 15:54 ` David Howells
@ 2019-08-31 3:20 ` Jia Zhang
2019-08-31 8:27 ` Yihao Wu
2019-09-02 7:19 ` David Howells
3 siblings, 0 replies; 5+ messages in thread
From: Jia Zhang @ 2019-08-31 3:20 UTC (permalink / raw)
To: keyrings
On 2019/8/30 下午11:25, David Howells wrote:
> Yihao Wu <wuyihao@linux.alibaba.com> wrote:
>
>> Signed-off-by: Yihao Wu <wuyihao@xxxxxxxxxxxxxxxxx>
>
> xxxxxxxxxxxxxxxxx? Can I substitute your actual domain name for that?
Yes you can. Yihao just went on vacation.
Thanks,
Jia
>
> David
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure
2019-08-30 15:25 [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure David Howells
2019-08-30 15:54 ` David Howells
2019-08-31 3:20 ` Jia Zhang
@ 2019-08-31 8:27 ` Yihao Wu
2019-09-02 7:19 ` David Howells
3 siblings, 0 replies; 5+ messages in thread
From: Yihao Wu @ 2019-08-31 8:27 UTC (permalink / raw)
To: keyrings
On 2019/8/30 11:54 PM, David Howells wrote:
> Yihao Wu <wuyihao@linux.alibaba.com> wrote:
>
>> + prep->expiry = cert->valid_to;
>
> Note that this patch has whitespace breakage, but I can fix that up by hand.
>
> David
>
Thanks!
Yihao
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure
2019-08-30 15:25 [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure David Howells
` (2 preceding siblings ...)
2019-08-31 8:27 ` Yihao Wu
@ 2019-09-02 7:19 ` David Howells
3 siblings, 0 replies; 5+ messages in thread
From: David Howells @ 2019-09-02 7:19 UTC (permalink / raw)
To: keyrings
Yihao Wu <wuyihao@linux.alibaba.com> wrote:
> Expiry time is not utilized by X.509 cert yet. This patch reads expiry
> from X.509 cert into key_preparsed_payload. Then it is passed to key
> structure when the key is being instantiated.
Thinking on it again, it's more complicated than you think: Unless you can
guarantee that the system clock is correct at time of boot, this may cause the
system to fail to boot. The certs used for module signing and suchlike may
appear to be expired because the clock is wrong and thus not be usable.
David
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-09-02 7:19 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-30 15:25 [PATCH RESEND] KEYS: pass expiry from X.509 cert to key structure David Howells
2019-08-30 15:54 ` David Howells
2019-08-31 3:20 ` Jia Zhang
2019-08-31 8:27 ` Yihao Wu
2019-09-02 7:19 ` David Howells
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.