Thank you for the quick reply.

We will test it in the next weeks.

-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org] 
Sent: Sunday, May 25, 2014 4:00 PM
To: j...@sk.ee
Cc: openssl-dev@openssl.org
Subject: [openssl.org #3359] Expired certificates bug. 

On Sat May 17 07:31:10 2014, j...@sk.ee wrote:
>
> We found a bug in openssl CA certificate loading. This is an important
> bug for us in Estonia (http://id.ee/?lang=en&id=) because we use
> openssl as the base library in digital signature verification. In the
> digital signature world it is normal that you want to verify
> signatures when CA certificates are expired.
>

I've just added an experimental fix for this to the master branch. See:

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6c21b860ba8f0de64c6e96972ef3c728728d01a0

https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0930251df814f3993bf2c598761e0c7c6d0d62a2

It should now use a valid certificate in preference to an expired one.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
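
An added illustration of the selection rule described in the reply above (a valid certificate used in preference to an expired one). It is not code from the linked OpenSSL commits: the struct, the function names and the sample store are hypothetical, and the first-match lookup is an assumed baseline included only for contrast.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Simplified stand-in for a CA certificate; every name here is hypothetical. */
struct ca_cert { const char *subject, *label; time_t not_before, not_after; };

/* Constructed sample store: an expired CA certificate and its renewal share a subject. */
static const struct ca_cert sample_store[] = {
    { "CN=Example CA", "old",     1000000000, 1300000000 },
    { "CN=Example CA", "renewed", 1250000000, 1700000000 },
};

static int valid_at(const struct ca_cert *c, time_t t) { return t >= c->not_before && t <= c->not_after; }

/* Assumed baseline for contrast: return the first subject match, valid or not. */
const struct ca_cert *find_issuer_first_match(const struct ca_cert *store, size_t n,
                                              const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(store[i].subject, name) == 0)
            return &store[i];
    return NULL;
}

/* Prefer a candidate valid at `when`; fall back to the first expired match so
 * the caller can still report "expired" rather than "issuer not found". */
const struct ca_cert *find_issuer_prefer_valid(const struct ca_cert *store, size_t n,
                                               const char *name, time_t when)
{
    const struct ca_cert *fallback = NULL;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(store[i].subject, name) != 0)
            continue;
        if (valid_at(&store[i], when))
            return &store[i];
        if (fallback == NULL)
            fallback = &store[i];
    }
    return fallback;
}

int main(void)
{
    time_t when = 1400000000; /* constructed verification time */
    printf("first match: %s\n", find_issuer_first_match(sample_store, 2, "CN=Example CA")->label);
    printf("prefer valid: %s\n", find_issuer_prefer_valid(sample_store, 2, "CN=Example CA", when)->label);
    return 0;
}
```

With the expired entry listed first, the first-match lookup returns it even though a valid certificate with the same subject is present, while the preferring lookup returns the renewal.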
