Merge pull request #909 from rhenium/ky/asn1-utctime-fix-range

asn1: align UTCTime year range with RFC 5280

Author: rhenium

ext/openssl/ossl_asn1.c

@@ -36,7 +36,7 @@ asn1time_to_time(const ASN1_TIME *time)
 	    ossl_raise(rb_eTypeError, "bad UTCTIME format: \"%s\"",
 		    time->data);
 	}
-	if (tm.tm_year < 69) {
+	if (tm.tm_year < 50) {
 	    tm.tm_year += 2000;
 	} else {
 	    tm.tm_year += 1900;

test/openssl/test_asn1.rb

@@ -411,13 +411,16 @@ def test_set
   def test_utctime
     encode_decode_test B(%w{ 17 0D }) + "160908234339Z".b,
       OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 39))
-    begin
-      # possible range of UTCTime is 1969-2068 currently
-      encode_decode_test B(%w{ 17 0D }) + "690908234339Z".b,
-        OpenSSL::ASN1::UTCTime.new(Time.utc(1969, 9, 8, 23, 43, 39))
-    rescue OpenSSL::ASN1::ASN1Error
-      pend "No negative time_t support?"
-    end
+
+    # 1950-2049 range is assumed to match RFC 5280's expectation
+    encode_decode_test B(%w{ 17 0D }) + "490908234339Z".b,
+      OpenSSL::ASN1::UTCTime.new(Time.utc(2049, 9, 8, 23, 43, 39))
+    encode_decode_test B(%w{ 17 0D }) + "500908234339Z".b,
+      OpenSSL::ASN1::UTCTime.new(Time.utc(1950, 9, 8, 23, 43, 39))
+    assert_raise(OpenSSL::ASN1::ASN1Error) {
+      OpenSSL::ASN1::UTCTime.new(Time.new(2049, 12, 31, 23, 0, 0, "-04:00")).to_der
+    }
+
     # not implemented
     # decode_test B(%w{ 17 11 }) + "500908234339+0930".b,
     #   OpenSSL::ASN1::UTCTime.new(Time.new(1950, 9, 8, 23, 43, 39, "+09:30"))