Issue #5885 has been reported by Eric Hodel.

----------------------------------------
Bug #5885: 32 bit ruby 1.8 cannot load times from SSL certificates past 2038
https://bugs.ruby-lang.org/issues/5885

Author: Eric Hodel
Status: Open
Priority: Normal
Assignee: Martin Bosslet
Category: ext
Target version: 
ruby -v: ruby 1.8.7 (2010-08-16 patchlevel 302) [i386-freebsd8]


Since dates past 2038 don't fit in a 32 bit time_t, ruby 1.8's OpenSSL extension cannot load them:

  $ cat t.rb
  require 'openssl'

  cert = OpenSSL::X509::Certificate.new <<-CERT
  -----BEGIN CERTIFICATE-----
  MIIBRDCB76ADAgECAgEAMA0GCSqGSIb3DQEBBQUAMCoxDzANBgNVBAMMBm5vYm9k
  eTEXMBUGCgmSJomT8ixkARkWB2V4YW1wbGUwIBcNMTIwMTExMjE0NDA3WhgPOTk5
  OTEyMzEyMzU5NTlaMCoxDzANBgNVBAMMBm5vYm9keTEXMBUGCgmSJomT8ixkARkW
  B2V4YW1wbGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAscoEP176asKdDtezZ90S
  HFr7Sak5uOUrt0vqGg0XX3RqgvBDrHCIIAxPtY9Wzj9dbzU2yyrZGQcaJYbEhecy
  WwIDAQABMA0GCSqGSIb3DQEBBQUAA0EAprOCme4eJvWQj3+uZnHsokg/12x9zjHI
  Vy1Sxd0QqVqgipzGEHv0SFWAyX0VCZsQyNCCLYDndAI0+q/8dZr+Tw==
  -----END CERTIFICATE-----
  CERT

  p cert.not_before
  p cert.not_after

  $ ruby -v t.rb
  ruby 1.8.7 (2010-08-16 patchlevel 302) [i386-freebsd8]
  Wed Jan 11 21:44:07 UTC 2012
  t.rb:16:in `utc': time out of range (ArgumentError)
          from t.rb:16:in `not_after'
          from t.rb:16

I've tracked this down to ossl_asn1time_to_time() in ext/openssl/ossl_asn1.c calling Time.utc:

  return rb_funcall2(rb_cTime, rb_intern("utc"), 6, argv);

The certificate is valid:

  $ openssl x509 -in t.rb -noout -text
  Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number: 0 (0x0)
          Signature Algorithm: sha1WithRSAEncryption
          Issuer: CN=nobody, DC=example
          Validity
              Not Before: Jan 11 21:44:07 2012 GMT
              Not After : Dec 31 23:59:59 9999 GMT
          Subject: CN=nobody, DC=example
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption
              RSA Public Key: (512 bit)
                  Modulus (512 bit):
                      00:b1:ca:04:3f:5e:fa:6a:c2:9d:0e:d7:b3:67:dd:
                      12:1c:5a:fb:49:a9:39:b8:e5:2b:b7:4b:ea:1a:0d:
                      17:5f:74:6a:82:f0:43:ac:70:88:20:0c:4f:b5:8f:
                      56:ce:3f:5d:6f:35:36:cb:2a:d9:19:07:1a:25:86:
                      c4:85:e7:32:5b
                  Exponent: 65537 (0x10001)
      Signature Algorithm: sha1WithRSAEncryption
          a6:b3:82:99:ee:1e:26:f5:90:8f:7f:ae:66:71:ec:a2:48:3f:
          d7:6c:7d:ce:31:c8:57:2d:52:c5:dd:10:a9:5a:a0:8a:9c:c6:
          10:7b:f4:48:55:80:c9:7d:15:09:9b:10:c8:d0:82:2d:80:e7:
          74:02:34:fa:af:fc:75:9a:fe:4f

Note that ruby 1.9 on a 32 bit platform doesn't have this problem since Time always has a 64 bit range:

  $ ruby19 -v t.rb
  ruby 1.9.2p0 (2010-08-18 revision 29036) [i386-freebsd8]
  2012-01-11 21:44:07 UTC
  9999-12-31 23:59:59 UTC



-- 
http://bugs.ruby-lang.org/