Am Wed, 4 Mar 2009 11:19:09 +0100 schrieb Erwann ABALEA: > RFC5280 is a *profile* of X.509, i.e. a subset; it cannot replace > X.509. > Non Zulu times, minute accuracy, and fractional seconds are accepted > in X.509, why should it be refused by OpenSSL?
Sorry, didn't know that. I looked for the full X.509 specification but couldn't find it - it seems I would have to buy it from ITU. Does it allow GeneralizedTime for years between 1950 and 2049 too? Then the much shorter version I sent to openssl-users some time ago [1] would suffice, save for the change from ASN1_UTCTIME_print to ASN1_TIME_print (though that would be cosmetic, the former works fine here). Otherwise, I'll rip the date format checks out and resubmit the patch. Cheers, Oliver [1] http://marc.info/?l=openssl-users&m=123532280026134&w=2
signature.asc
Description: PGP signature
