Hello Steve,
Dr. Stephen Henson wrote:
On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote:
Dr. Stephen Henson wrote:
On Tue, Sep 14, 2004, Goetz Babin-Ebell wrote:
I still would propose the following logic:
a) CRL is valid (regarding issuance time)
if thisUpdate = checkTime and thisUpdate = now.
b)
The following point is unclear to me:
a) CRL is valid (regarding issuance time)
if thisUpdate = checkTime and thisUpdate = now.
As far as I understand;
The X509 and 3280 validation algorithm only have ONE
point in time, which is consider either as 'now'
or 'time to check' according you
On Thu, Sep 16, 2004, Goetz Babin-Ebell wrote:
Hi Steve,
Dr. Stephen Henson wrote:
On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote:
Would something like the attached patch be acceptable ?
(please ignore versin info in the diff)
This patch also adds checking of the revokation time
Hi Steve,
Dr. Stephen Henson wrote:
On Tue, Sep 14, 2004, Goetz Babin-Ebell wrote:
I still would propose the following logic:
a) CRL is valid (regarding issuance time)
if thisUpdate = checkTime and thisUpdate = now.
b) CRL is considered to be able to deliver revocation
information if
On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote:
Hi Steve,
Dr. Stephen Henson wrote:
On Tue, Sep 14, 2004, Goetz Babin-Ebell wrote:
I still would propose the following logic:
a) CRL is valid (regarding issuance time)
if thisUpdate = checkTime and thisUpdate = now.
b) CRL is considered
Hi Steve,
Dr. Stephen Henson wrote:
On Mon, Sep 13, 2004, Goetz Babin-Ebell wrote:
ther might be a problem in X509_verify_cert() (at least 0.9.7d):
if you set a verification time and
the CRL was not yet valid at this time,
the error X509_V_ERR_CRL_NOT_YET_VALID will be generated.
(see check_crl()
Hello folks,
ther might be a problem in X509_verify_cert() (at least 0.9.7d):
if you set a verification time and
the CRL was not yet valid at this time,
the error X509_V_ERR_CRL_NOT_YET_VALID will be generated.
(see check_crl() in x509_verify.c)
It seems to me that a logic like:
If check_time (and
On Mon, Sep 13, 2004, Goetz Babin-Ebell wrote:
Hello folks,
ther might be a problem in X509_verify_cert() (at least 0.9.7d):
if you set a verification time and
the CRL was not yet valid at this time,
the error X509_V_ERR_CRL_NOT_YET_VALID will be generated.
(see check_crl() in