Hi, Hodie IV Non. Mar. MMIX, Oliver Martin via RT scripsit: > This patch adds support for GeneralizedTime for startdate/enddate in > openssl ca. I guess not too many people need certificates beyond 2049 > (or before 1950) right now, but having the capability surely can't hurt. > > Also, previously it accepted non-GMT times and values without seconds, > both of which are not allowed by RFC 5280 (and previous ones). This is > fixed too. [...]
RFC5280 is a *profile* of X.509, i.e. a subset; it cannot replace X.509. Non Zulu times, minute accuracy, and fractional seconds are accepted in X.509, why should it be refused by OpenSSL? -- Erwann ABALEA <erwann.aba...@keynectis.com> ----- I t±ld yo±, "Never±touch ±he flop±y disk s±rface!" ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org