kristapsdz/rpki-client

rpki-client assumes date in UTC format.

rmzmx opened this issue · 3 comments

rmzmx commented

I'm running rpki-client on CentOS 7 configured in CDT timezone. It displays "before date interval (clock drift?)" message:

[user@centos7 rpki-client]$ ./rpki-client -v -e rsync  tals/*.tal
rpki-client: rpki.afrinic.net/repository: loading
rpki-client: rpki.apnic.net/repository: loading
rpki-client: repository.lacnic.net/rpki: loading
rpki-client: rpki.ripe.net/ta: loading
The RIPE NCC Certification Repository is subject to Terms and Conditions
See http://www.ripe.net/lir-services/ncc/legal/certification/repository-tc

rpki-client: /var/cache/rpki-client/rpki.ripe.net/ta: loaded
rpki-client: rpki.ripe.net/repository: loading
The RIPE NCC Certification Repository is subject to Terms and Conditions
See http://www.ripe.net/lir-services/ncc/legal/certification/repository-tc

rpki-client: /var/cache/rpki-client/rpki.afrinic.net/repository: loaded
rpki-client: /var/cache/rpki-client/rpki.afrinic.net/repository/afrinic/K1eJenypZMPIt_e92qek2jSpj4A.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/rpki.afrinic.net/repository/apnic/bxoQPhQn_wNIOr_Z402svhUk_4s.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/rpki.afrinic.net/repository/arin/uHxadfPZV0E6uZhkaUbUVB1RFFU.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/repository.lacnic.net/rpki: loaded
rpki-client: /var/cache/rpki-client/repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/rpki.apnic.net/repository: loaded
rpki-client: /var/cache/rpki-client/rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/rpki.apnic.net/repository/B41FE6101D6611E2A62F877C72FD1FF2/NI-bm5KnLM_Tbzxw81Z1czzI6iI.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft: before date interval (clock drift?)
rpki-client: /var/cache/rpki-client/rpki.apnic.net/repository/B4A1BEA61D6611E2B2CD8B7C72FD1FF2/lqhe9LjK9dTDWhV_ThJe5JS6-Tk.mft: before date interval (clock drift?)
rpki-client: period stats: 1 pending repos
rpki-client: period stats: 1 pending entries
rpki-client: period stats: 1 pending repos
rpki-client: period stats: 1 pending entries
rpki-client: /var/cache/rpki-client/rpki.ripe.net/repository: loaded
rpki-client: /var/cache/rpki-client/rpki.ripe.net/repository/aca/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft: before date interval (clock drift?)
rpki-client: all files parsed: exiting
roa-set {
    194.9.82.0/23 maxlen 24 source-as 36915
    217.21.112.0/20 maxlen 24 source-as 30844
    80.240.192.0/20 maxlen 24 source-as 30844
    80.88.11.0/24 source-as 328174
    81.26.72.0/21 maxlen 24 source-as 328366
}
rpki-client: Route origins: 5 (0 failed parse, 0 invalid)
rpki-client: Certificates: 25 (0 failed parse, 0 invalid)
rpki-client: Trust anchor locators: 4
rpki-client: Manifests: 25 (10 failed parse, 0 stale)
rpki-client: Certificate revocation lists: 36
rpki-client: Repositories: 5
rpki-client: Routes: 5 (5 unique)

After changing the configuration to UTC format, it works!

Actually, rpki-client makes some calls to the C mktime() API, which, in turn, converts to localtime.
The patch would be calling timegm instead. I will suggest this patch @openbsd; let's see how it evolves.

See https://marc.info/?l=openbsd-tech&m=157125893608468&w=2 for the openbsd-tech discussion about this.

Instead of strptime and mktime the X509 function X509_cmp_time() should be used to verify the validity.

I think the timing issues were closed in the OpenBSD version, so I'm closing this out now that it's been merged into this repo. Thank you!
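
The mktime()/timegm() difference discussed in this thread, as an added example that is not part of the thread and not rpki-client's own code. The function names, the sample timestamps and the POSIX TZ string are assumptions made for illustration, and the fields are parsed with sscanf() rather than strptime() to keep the block self-contained.

```c
#define _DEFAULT_SOURCE          /* timegm(), setenv(), tzset() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Parse ASN.1 GeneralizedTime "YYYYMMDDHHMMSSZ"; the trailing Z means UTC. */
static int parse_gentime(const char *s, struct tm *tm)
{
    int y, mo, d, h, mi, sec;
    char z;
    if (strlen(s) != 15 ||
        sscanf(s, "%4d%2d%2d%2d%2d%2d%c", &y, &mo, &d, &h, &mi, &sec, &z) != 7 ||
        z != 'Z')
        return -1;
    memset(tm, 0, sizeof(*tm));
    tm->tm_year = y - 1900; tm->tm_mon = mo - 1; tm->tm_mday = d;
    tm->tm_hour = h; tm->tm_min = mi; tm->tm_sec = sec;
    tm->tm_isdst = -1;           /* let mktime() work out DST itself */
    return 0;
}

/* use_utc=0: mktime(), fields taken as local time; use_utc=1: timegm(), as UTC. */
time_t gentime_to_time(const char *s, int use_utc)
{
    struct tm tm;
    if (parse_gentime(s, &tm) == -1) return (time_t)-1;
    return use_utc ? timegm(&tm) : mktime(&tm);
}

/* -1: now is before thisUpdate, 1: after nextUpdate, 0: inside, -2: bad input */
int manifest_interval(const char *this_upd, const char *next_upd, time_t now, int use_utc)
{
    time_t t0 = gentime_to_time(this_upd, use_utc);
    time_t t1 = gentime_to_time(next_upd, use_utc);
    if (t0 == (time_t)-1 || t1 == (time_t)-1) return -2;
    return now < t0 ? -1 : now > t1 ? 1 : 0;
}

void use_tz(const char *tz) { setenv("TZ", tz, 1); tzset(); }

int main(void)
{
    /* Constructed sample: manifest issued 12:00 UTC, checked at 13:00 UTC. */
    const char *this_upd = "20191016120000Z", *next_upd = "20191017120000Z";
    time_t now = gentime_to_time(this_upd, 1) + 3600;
    use_tz("CST6CDT,M3.2.0,M11.1.0");    /* US Central, POSIX TZ syntax */
    printf("mktime: %d, timegm: %d\n", manifest_interval(this_upd, next_upd, now, 0),
        manifest_interval(this_upd, next_upd, now, 1));
    return 0;
}
```

In a zone west of UTC the mktime() path places thisUpdate several hours in the future, so a freshly issued manifest falls before its own validity interval; with TZ set to UTC both paths agree.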