On Sun, Apr 27, 2014 at 01:04:13PM +0200, sch_m via RT wrote:
> I was playing around with openssl and found a minor bug which
> makes possible to put the end date before the start date. This
> happend by creating a certificate using
I think this is a feature, not a bug. It should be possible to
create a certificate that is never valid. It will be accepted only
by clients that directly trust the public key or certificate
fingerprint and ignore the dates.
Also, generating such certificates makes it easier to generate test
cases for verifier implementations. I've used "-days -1" from time
to time to generate such "never valid" certificates.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
