[EMAIL PROTECTED] wrote:
> 
> Hello, I was checking the implementation of Generalized Time in OpenSSL
> and it seems to me that it isn't compliant with the X.680 specification.
> Indeed, according to the specification it's possible to
> have fractional seconds. The function ASN1_GENERALIZEDTIME_check
> enforces checks that admit (if I understand correctly) the presence
> of the following characters: 0..9,Z,+,-. But for an implementation
> fully compliant with the standard, the characters "." or "," may be present
> in order to have fractional seconds.
> 

OpenSSL doesn't fully support BER encoded GeneralizedTime; however, for
many of the purposes for which it is used in OpenSSL (e.g. in certificates)
the full form isn't allowed. For example, from RFC2259 4.1.2.5.2:

>    For the purposes of this profile, GeneralizedTime values MUST be
>    expressed Greenwich Mean Time (Zulu) and MUST include seconds (i.e.,
>    times are YYYYMMDDHHMMSSZ), even where the number of seconds is zero.
>    GeneralizedTime values MUST NOT include fractional seconds.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
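
Added example, not part of the original thread and not OpenSSL's ASN1_GENERALIZEDTIME_check: a stand-alone C classifier that separates the certificate-profile form quoted above (YYYYMMDDHHMMSSZ) from the wider X.680 forms raised in the question (fraction after "." or ",", omitted seconds, local time or offset). The names gt_classify and enum gt_class are hypothetical, and range checks are deliberately coarse.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical result codes: only GT_PROFILE_OK is the YYYYMMDDHHMMSSZ form. */
enum gt_class { GT_PROFILE_OK, GT_FRACTIONAL, GT_NO_SECONDS, GT_NOT_ZULU, GT_MALFORMED };

/* Read exactly n decimal digits at s into *out; *out is untouched on failure. */
static int digits(const char *s, int n, int *out) {
    int v = 0;
    for (int i = 0; i < n; i++) {
        if (!isdigit((unsigned char)s[i])) return 0;
        v = v * 10 + (s[i] - '0');
    }
    *out = v;
    return 1;
}

enum gt_class gt_classify(const char *s) {
    int y, mo, d, h, mi = 0, se = 0, oh = 0, om = 0, have_sec = 0, frac = 0;
    size_t n = strlen(s), p = 10;
    if (n < 10 || !digits(s, 4, &y) || !digits(s + 4, 2, &mo) ||
        !digits(s + 6, 2, &d) || !digits(s + 8, 2, &h))
        return GT_MALFORMED;
    /* Optional minutes, then optional seconds (both optional in X.680). */
    if (n - p >= 2 && digits(s + p, 2, &mi)) {
        p += 2;
        if (n - p >= 2 && digits(s + p, 2, &se)) { p += 2; have_sec = 1; }
    }
    /* Coarse range checks only: no days-per-month or leap-second handling. */
    if (mo < 1 || mo > 12 || d < 1 || d > 31 || h > 23 || mi > 59 || se > 59)
        return GT_MALFORMED;
    /* Optional fraction introduced by '.' or ',' needs at least one digit. */
    if (s[p] == '.' || s[p] == ',') {
        size_t q = ++p;
        while (isdigit((unsigned char)s[p])) p++;
        if (p == q) return GT_MALFORMED;
        frac = 1;
    }
    if (s[p] == 'Z' && s[p + 1] == '\0')
        return frac ? GT_FRACTIONAL : have_sec ? GT_PROFILE_OK : GT_NO_SECONDS;
    if (s[p] == '\0') return GT_NOT_ZULU;              /* local time, no zone */
    if (s[p] == '+' || s[p] == '-') {                  /* offset: HH or HHMM */
        size_t r = n - p - 1;
        if (digits(s + p + 1, 2, &oh) && oh <= 23 && (r == 2 ||
            (r == 4 && digits(s + p + 3, 2, &om) && om <= 59)))
            return GT_NOT_ZULU;
    }
    return GT_MALFORMED;
}
```

A certificate parser following the quoted profile would accept only GT_PROFILE_OK; the other non-malformed classes are the X.680 forms that the profile excludes.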
