On Sun, May 28, 2000 at 07:03:16AM -0400, Andrew W. Gray wrote:
> In addition to time_t anomolies, calls to gmtime() should later
> check to see if tm_sec = 0 prior to encoding a cert/crl/etc.
> If so seconds should be encoded as 01. This will avoid certain
> anomolies relating to decoding / reencoding by other software where
> the 00 seconds may be dropped and signature verification will fail.
This is something that belongs into the certificate handling routines,
not into the general UTCTime function -- except possibly with a
new flag for enabling this kludge. If we're switching from
time_t to something else we can't use the existing prototype
anyway, so I guess this is a good opportunity to add such a
kludge flag.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
