"CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime ("YYMMDDhhmm[ss]Z");
certificate validity dates in 2050 or later MUST be encoded as
GeneralizedTime ("YYYYMMDDHH[MM[SS[.fff]]]")."
Change-Id: I3cb9378984b5c5fefa708f0d073850d10acec286
for i in "${TIME_IDX[@]}"; do
for i in "${TIME_IDX[@]}"; do
- point=${year}${points[${i}]}
nextp=${points[$((${i} + 1))]}
nextp=${points[$((${i} + 1))]}
+ # adjustment of year according to RFC 5280 GeneralizedTime (>=2050) and UTCTime (<2050)
+ if (( year >= 2050 )); then
+ yearT=$year
+ else
+ yearT=$((year - 2000))
+ fi
+
+ point=${yearT}${points[${i}]}
+
if [[ "$nextp" == "" ]]; then
if [[ "$nextp" == "" ]]; then
- epoint=$((${year} + 3 ))${epoints[${i}]}
- epoint=$((${year} + 2 ))${epoints[${i}]}
+ if (( eyear >= 2050 )); then
+ eyearT=$eyear
+ else
+ eyearT=$((eyear - 2000))
+ fi
+
+
+ epoint=${eyearT}${epoints[${i}]}
+
for ca in "${STRUCT_CAS[@]}"; do
. ../CAs/$ca
genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
for ca in "${STRUCT_CAS[@]}"; do
. ../CAs/$ca
genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
epoints[1]="0705000000Z"
epoints[2]="0105000000Z"
epoints[1]="0705000000Z"
epoints[2]="0105000000Z"
-ROOT_VALIDITY="-startdate 20150101000000Z -enddate 20300101000000Z"
+ROOT_VALIDITY="-startdate 190101000000Z -enddate 340101000000Z"