Document 32-bit time_t problem on minw-w64 toolchain and how to avoid it

author: Paul Graham <development@winomega.com> 2017-02-15 23:04:04 +0100
committer: Paul Graham <development@winomega.com> 2017-02-15 23:04:04 +0100
commit: b2b47a7d113c2ac0e574ea4c3528780c30ef1aab (patch)
tree: d4b2c836de7a47a49fe539e2cd99966a0a6bd58b
parent: 9d75e5ea975fc6d1b8b6eb333416d76144f7d2ee (diff)
download: portable-b2b47a7d113c2ac0e574ea4c3528780c30ef1aab.tar.gz
portable-b2b47a7d113c2ac0e574ea4c3528780c30ef1aab.tar.bz2
portable-b2b47a7d113c2ac0e574ea4c3528780c30ef1aab.zip
2 files changed, 29 insertions, 1 deletions
diff --git a/README.windows b/README.windows
index 27c2182..a88ddc9 100644
--- a/README.windows
+++ b/README.windows
@@ -12,7 +12,8 @@ cross compilers on Windows.
 To configure and build LibreSSL for a 32-bit system, use the following
 build steps:
- CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32
+ CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \
+ ./configure --host=i686-w64-mingw32
 make
 make check
@@ -22,6 +23,25 @@ For 64-bit builds, use these instead:
 make
 make check
+# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
+An ABI change introduced with Microsoft Visual C++ 2005 (also known as
+Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
+build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
+is unable to represent times past 2038 (this is commonly known as the
+Y2K38 problem).
+If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
+expiry date is set past 19 January 2038, it will be unable to tell if the
+certificate has expired or not, and thus take the safe stance and reject it.
+In order to avoid this, you need to build LibreSSL (and everything that links
+with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
+use the new ABI.
+64-bit systems always have a 64-bit time_t and are not affected by this
+problem.
 # Using Libressl with Visual Studio
 A script for generating ready-to-use .DLL and static .LIB files is included in
diff --git a/configure.ac b/configure.ac
index eecfb41..42bbca3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -142,6 +142,14 @@ AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
 if test "$ac_cv_sizeof_time_t" = "4"; then
    echo " ** Warning, this system is unable to represent times past 2038"
    echo " ** It will behave incorrectly when handling valid RFC5280 dates"
+    if test "$host_os" = "mingw32" ; then
+        echo " **"
+        echo " ** You can solve this by adjusting the build flags in your"
+        echo " ** mingw-w64 toolchain. Refer to README.windows for details."
+    fi
+    exit 1
 fi
 AC_REQUIRE_AUX_FILE([tap-driver.sh])
author	Paul Graham <development@winomega.com>	2017-02-15 23:04:04 +0100
committer	Paul Graham <development@winomega.com>	2017-02-15 23:04:04 +0100
commit	b2b47a7d113c2ac0e574ea4c3528780c30ef1aab (patch)
tree	d4b2c836de7a47a49fe539e2cd99966a0a6bd58b
parent	9d75e5ea975fc6d1b8b6eb333416d76144f7d2ee (diff)
download	portable-b2b47a7d113c2ac0e574ea4c3528780c30ef1aab.tar.gz portable-b2b47a7d113c2ac0e574ea4c3528780c30ef1aab.tar.bz2 portable-b2b47a7d113c2ac0e574ea4c3528780c30ef1aab.zip

diff --git a/README.windows b/README.windows index 27c2182..a88ddc9 100644 --- a/README.windows +++ b/README.windows
@@ -12,7 +12,8 @@ cross compilers on Windows.
12	To configure and build LibreSSL for a 32-bit system, use the following	12	To configure and build LibreSSL for a 32-bit system, use the following
13	build steps:	13	build steps:
14		14
15	CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32	15	CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \
		16	./configure --host=i686-w64-mingw32
16	make	17	make
17	make check	18	make check
18		19
@@ -22,6 +23,25 @@ For 64-bit builds, use these instead:
22	make	23	make
23	make check	24	make check
24		25
		26	# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
		27
		28	An ABI change introduced with Microsoft Visual C++ 2005 (also known as
		29	Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
		30	build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
		31	is unable to represent times past 2038 (this is commonly known as the
		32	Y2K38 problem).
		33
		34	If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
		35	expiry date is set past 19 January 2038, it will be unable to tell if the
		36	certificate has expired or not, and thus take the safe stance and reject it.
		37
		38	In order to avoid this, you need to build LibreSSL (and everything that links
		39	with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
		40	use the new ABI.
		41
		42	64-bit systems always have a 64-bit time_t and are not affected by this
		43	problem.
		44
25	# Using Libressl with Visual Studio	45	# Using Libressl with Visual Studio
26		46
27	A script for generating ready-to-use .DLL and static .LIB files is included in	47	A script for generating ready-to-use .DLL and static .LIB files is included in


diff --git a/configure.ac b/configure.ac index eecfb41..42bbca3 100644 --- a/configure.ac +++ b/configure.ac
@@ -142,6 +142,14 @@ AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
142	if test "$ac_cv_sizeof_time_t" = "4"; then	142	if test "$ac_cv_sizeof_time_t" = "4"; then
143	echo " ** Warning, this system is unable to represent times past 2038"	143	echo " ** Warning, this system is unable to represent times past 2038"
144	echo " ** It will behave incorrectly when handling valid RFC5280 dates"	144	echo " ** It will behave incorrectly when handling valid RFC5280 dates"
		145
		146	if test "$host_os" = "mingw32" ; then
		147	echo " **"
		148	echo " ** You can solve this by adjusting the build flags in your"
		149	echo " ** mingw-w64 toolchain. Refer to README.windows for details."
		150	fi
		151
		152	exit 1
145	fi	153	fi
146		154
147	AC_REQUIRE_AUX_FILE([tap-driver.sh])	155	AC_REQUIRE_AUX_FILE([tap-driver.sh])