an encounter with the epoch bug [08/11/2007 11:49:03]

Yesterday, I addded HTTPS support to an OpenID server I'm working on at cornerhost. Since it's just a prototype, I whipped up a self signed certificate.

Generally, I just have these things expire after 10 years, so I was surprised when one of my admin scripts sent me an email:

### stunnel certificate has expired!!! ###

Sure enough, when I examined the site in Firefox, I discovered my cert expired back in 1971!

What the heck?! So I hunted through my ~/.bash_history file, and found this:

openssl req -new -x509 -days 36500 -nodes  
   -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

I'd accidentally added an extra zero, creating a certificate good for one hundred years.

The only problem is: linux doesn't think that far ahead.