From 6b6bbbb0f793c2865f61c0f7522157aa5efa0519 Mon Sep 17 00:00:00 2001 From: Yi LIU Date: Sun, 15 Feb 2026 19:27:46 +0800 Subject: [PATCH 1/2] fix(time): use correct constructor for GeneralizedTime parsing When parsing DER data with a GeneralizedTime tag, the from_der_content implementation was incorrectly calling ASN1Time::new_utc() instead of ASN1Time::new_generalized(). This caused is_generalizedtime() to return false and tag() to return Tag::UtcTime for dates that were actually encoded as GeneralizedTime, leading to false positive warnings during certificate validation. --- src/time.rs | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/src/time.rs b/src/time.rs index 254a259..d424eda 100644 --- a/src/time.rs +++ b/src/time.rs @@ -130,7 +130,7 @@ impl<'a> DerParser<'a> for ASN1Time { let (rem, t) = GeneralizedTime::from_der_content(header, input) .map_err(|_| X509Error::InvalidDate)?; let dt = t.utc_datetime().map_err(|e| Err::Error(e.into()))?; - Ok((rem, ASN1Time::new_utc(dt))) + Ok((rem, ASN1Time::new_generalized(dt))) } Tag::UtcTime => { if let Ok((rem, t)) = UtcTime::from_der_content(header, input.clone()) { @@ -240,4 +240,19 @@ mod tests { let t = ASN1Time::from(d); assert!(t.to_rfc2822().is_err()); } + + #[test] + fn test_generalizedtime_flags() { + use asn1_rs::{DerParser, DynTagged, Header, Input, Tag}; + // GeneralizedTime encoding for 2050-01-01 00:00:00 UTC + let gt_bytes = b"20500101000000Z"; + let header = Header::new_simple(Tag::GeneralizedTime); + let input = Input::from(>_bytes[..]); + let (_, t) = + ASN1Time::from_der_content(&header, input).expect("should parse GeneralizedTime"); + assert!(t.is_generalizedtime(), "GeneralizedTime should report is_generalizedtime=true"); + assert!(!t.is_utctime(), "GeneralizedTime should report is_utctime=false"); + assert_eq!(t.tag(), Tag::GeneralizedTime, "tag() should return GeneralizedTime"); + assert_eq!(t.to_datetime().year(), 2050); + } } From 4c1c9fa7888fc01e29083f7bbe865c76f72ac0a1 Mon Sep 17 00:00:00 2001 From: Yi LIU Date: Sun, 15 Feb 2026 19:57:25 +0800 Subject: [PATCH 2/2] style: format assert macros per rustfmt --- src/time.rs | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/time.rs b/src/time.rs index d424eda..eb1a956 100644 --- a/src/time.rs +++ b/src/time.rs @@ -250,9 +250,19 @@ mod tests { let input = Input::from(>_bytes[..]); let (_, t) = ASN1Time::from_der_content(&header, input).expect("should parse GeneralizedTime"); - assert!(t.is_generalizedtime(), "GeneralizedTime should report is_generalizedtime=true"); - assert!(!t.is_utctime(), "GeneralizedTime should report is_utctime=false"); - assert_eq!(t.tag(), Tag::GeneralizedTime, "tag() should return GeneralizedTime"); + assert!( + t.is_generalizedtime(), + "GeneralizedTime should report is_generalizedtime=true" + ); + assert!( + !t.is_utctime(), + "GeneralizedTime should report is_utctime=false" + ); + assert_eq!( + t.tag(), + Tag::GeneralizedTime, + "tag() should return GeneralizedTime" + ); assert_eq!(t.to_datetime().year(), 2050); } }