We should backport this once it lands and has a final commit hash
Author: Jeffrey Altman <email@example.com>
Date: 2019-05-22 (Wed, 22 May 2019)
hx509: replace time_t with int64_t for cert timestamps
On platforms with 32-bit time_t (e.g. Linux i386), certificates
with timestamps later than 03:14:07 UTC on 19 January 2038 fail
to be processed correctly.
Recent changes to include certificates in the test suite with
500 year lifetimes cause the test suite to fail on these platforms.
This change replaces all use of time_t with int64_t to permit
uniform processing of certificate timestamps on all platforms.
This turns out to be the generic time_t on 32 bit problem, needing glibc changes.
See https://github.com/heimdal/heimdal/pull/583 for more detail.