From: Andreas Metzler <ametzler@bebt.de>
Date: Mon, 14 Aug 2023 16:27:16 +0000 (+0100)
Subject: GnuTLS: fix autogen cert expiry date.  Bug 3014
X-Git-Tag: exim-4.97-RC0~32
X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/36bc854c86908ee921225c1d30e35c4d59eed822

GnuTLS: fix autogen cert expiry date.  Bug 3014

Broken-by: 48e9099006
---

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index efdc228b6..aa1db1dfe 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -176,6 +176,9 @@ JH/33 Fix free for live variable $value created by a ${run ...} expansion.
 JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
       In 4.96 this would expand to empty.
 
+JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
+      certificate.  Find and fix by Andreas Metzler.
+
 
 Exim version 4.96
 -----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index dd70e73e1..e706b6386 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1016,7 +1016,7 @@ now = 1;
 if (  (rc = gnutls_x509_crt_set_version(cert, 3))
    || (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
    || (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
-   || (rc = gnutls_x509_crt_set_expiration_time(cert, (long)2 * 60 * 60))	/* 2 hour */
+   || (rc = gnutls_x509_crt_set_expiration_time(cert, now + (long)2 * 60 * 60))	/* 2 hour */
    || (rc = gnutls_x509_crt_set_key(cert, pkey))
 
    || (rc = gnutls_x509_crt_set_dn_by_oid(cert,