--text follows this line--
Bodo (& others),
In addition to time_t anomolies, calls to gmtime() should later
check to see if tm_sec = 0 prior to encoding a cert/crl/etc.
If so seconds should be encoded as 01. This will avoid certain
anomolies relating to decoding / reencoding by other software where
the 00 seconds may be dropped and signature verification will fail.
P. Gutmann mentions relevent cases in his style guide.
Andrew
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
