Opened 5 years ago

Last modified 3 years ago

#15856 new enhancement

SoftwareUpdater: more precise error on not yet valid certs

Reported by: nephele Owned by: perelandra
Priority: normal Milestone: Unscheduled
Component: Applications/SoftwareUpdater Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description (last modified by nephele)

When SoftwareUpdater encounters x.509 valid in the future it should report this directly instead of reporting an updating failure or sometihng

I have had some machines with broken CMOS battery, and even beeing aware of this it took me some time to understand why the updates failed :)

Change History (8)

comment:1 by pulkomandy, 5 years ago

Just show a more detailed message, like "Certificate is not yet valid". This should give a good enough clue about the problem, I'd say?

And we should fix our NTP sync code to synchronize properly on boot (or more precisely, when network is up), so this does not happen. Not workaround it everywhere in the code where a date may be used. Because it's not just TLS certificates: HTTP cookies will never expire, for example; the history menu in Web+ will do strange things, etc.

comment:2 by nephele, 5 years ago

Description: modified (diff)

comment:3 by nephele, 5 years ago

I actually can't change the title of my own tickets, so feel free to change it :)

comment:4 by nephele, 3 years ago

Summary: TLS: offer to sync time on rejected cert in the futureTLS: more precise error on not yet valid certs

comment:5 by Coldfirex, 3 years ago

What does our ntp sync do today?

comment:6 by nephele, 3 years ago

sync the time via ntp? Not sure what you mean.

in reply to:  6 comment:7 by Coldfirex, 3 years ago

Replying to nephele:

sync the time via ntp? Not sure what you mean.

It was in reply to this: "And we should fix our NTP sync code to synchronize properly on boot (or more precisely, when network is up), so this does not happen."

comment:8 by nephele, 3 years ago

Component: User InterfaceApplications/SoftwareUpdater
Owner: changed from stippi to perelandra
Summary: TLS: more precise error on not yet valid certsSoftwareUpdater: more precise error on not yet valid certs
Note: See TracTickets for help on using tickets.