On Thu, Jul 17, 2014 at 05:06:07AM +0000, Viktor Dukhovni wrote:
> Higher-level tools can check the "days" argument before invoking
> the openssl apps layer. It should not be necessary to write C code
> to generate well-formed if corner-case certificates.
Also there is far more risk in generating a certificate that lasts
too long, than one that is never valid. Should there also be
warnings for 100-year certificates? 1 day certificates? The CLI
is not an interface for naive users. It is a toolkit for shell
scripts.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
