wrong time?

Jeff Sadowski jeff.sadowski
Wed May 7 17:29:38 PDT 2008


Interesting but could it effect what is coming from the certificate?
Everything else on the small computer looks right.
If you look at my original message
X509: Certificate not valid (now=1210001377 not_before=1156333193
not_after=1187869193)
the not_before and not_after are actually incorrect using epoch of jan
1 1970 00:00
I am thinking it is ok.
anyways I have a gumstix and am using standard build of it right now I
will mess with things when I get some time.(yeah right time)
it is an arm processor
I really think my cert at my office is incorrect and will look at my
wireless ap at the office next time i get a chance with my network
engineer who has the passwords.
If the cert is incorrect is ubuntu using wpa_supplicant wrong? How is
ubuntu able to connect and my gumstix is not? originally my gumstix
can't connect because it has no way of setting the time. but setting
the time by hand I get out of scope the other way. The "now" time
originally was 0
the 1210001377 was a few days ago and makes sense from seconds from epoch.

On Wed, May 7, 2008 at 6:06 PM, Lohmann, Peter <plohmann at intellidot.net> wrote:
>
>
>  What processor are you using?
>  We found a bug in the uClinux timer code of our Atmel processor (ARM7TDMI) that affected things like this.
>
>      -- Peter
>
>
>
>
>  -----Original Message-----
>  From: hostap-bounces at lists.shmoo.com on behalf of Jeff Sadowski
>  Sent: Wed 5/7/2008 4:57 PM
>  To: hostap at lists.shmoo.com
>  Subject: Re: wrong time?
>
>  In the process of finding this I found my certificate expired in 2007
>  I'll have to fix that but none of the other machines had a problem
>  connecting
>  I find it weird that my embedded device with less complete stuff
>  (uclibc instead of glibc) has a wpa_supplicant that checks where as my
>  ubuntu laptop had no issues connecting. So it would be nice for
>  connecting to imperfect networks that you know the cert is going to be
>  off anyways.
>
>  On Wed, May 7, 2008 at 12:37 PM, Jouni Malinen <j at w1.fi> wrote:
>  > On Wed, May 07, 2008 at 08:04:31AM -0600, Jeff Sadowski wrote:
>  >  > On Wed, May 7, 2008 at 3:16 AM, Jouni Malinen <j at w1.fi> wrote:
>  >
>  > > >  Well, you could disable the part of the certificate validation that
>  >  > >  verifies the notBefore/notAfter information if you do not have time
>  >  > >  easily available on your client device.
>  >
>  >
>  > > Can I do this with an option in wpa_supplicant.conf? or a flag to
>  >  > wpa_supplicant?
>  >
>  >  No, this would require a small change to the source code and rebuilding
>  >  the binary. I don't think I would like to see this as a runtime option
>  >  since this is against the requirements for certificate validation and is
>  >  only of some use on devices that do not have access to the current time.
>  >
>  >  --
>  >
>  >
>  > Jouni Malinen                                            PGP id EFC895FA
>  >  _______________________________________________
>  >  HostAP mailing list
>  >  HostAP at lists.shmoo.com
>  >  http://lists.shmoo.com/mailman/listinfo/hostap
>  >
>  _______________________________________________
>  HostAP mailing list
>  HostAP at lists.shmoo.com
>  http://lists.shmoo.com/mailman/listinfo/hostap
>
>



More information about the Hostap mailing list