Bouncy Castle 1.80 accepts the incorrect GeneralizedTime value. #2040

onepeople158 · 2025-03-27T02:34:45Z

The RFC standard for X.509 CRLs restricts the thisUpdate field to only two formats, namely UTCTime (YYMMDDHHMMSSZ) and GeneralizedTime (YYYYMMDDHHMMSSZ) in ASN.1 representation, which are 13 and 15 characters wide, respectively. However,Bouncy Castle 1.80 accepts the thisUpdate field type as GeneralizedTime with a length of 13 ("240123000000Z") in the CRL.

Code:

import java.io.InputStream;
import java.io.FileInputStream;
import org.bouncycastle.asn1.x509.CertificateList;
import org.bouncycastle.cert.X509CRLHolder;

public class CRLParserExample_thisUpdate{
    public static void main(String[] args) throws Exception {
        
        InputStream inputStream = new FileInputStream("crl_file_13gn.der");

        X509CRLHolder crlHolder = new X509CRLHolder(inputStream);
        
        System.out.println(crlHolder.getThisUpdate());
    } 
}

Test Case:

crl_file_13gn.zip

The text was updated successfully, but these errors were encountered:

onepeople158 changed the title ~~Bouncy Castle 1.80 accepts the incorrect generalTime value.~~ Bouncy Castle 1.80 accepts the incorrect GeneralizedTime value. Mar 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bouncy Castle 1.80 accepts the incorrect GeneralizedTime value. #2040

Bouncy Castle 1.80 accepts the incorrect GeneralizedTime value. #2040

onepeople158 commented Mar 27, 2025 •

edited

Loading

Bouncy Castle 1.80 accepts the incorrect GeneralizedTime value. #2040

Bouncy Castle 1.80 accepts the incorrect GeneralizedTime value. #2040

Comments

onepeople158 commented Mar 27, 2025 • edited Loading

onepeople158 commented Mar 27, 2025 •

edited

Loading