On Wed, 2015-07-22 at 15:02 -0700, Alexander Gostrer wrote: > Maybe it is the time to introduce the 64-bit UNIX time? Anything else > looks like a patch.
Theoretically, we can already encode notAfter values as a GeneralizedTime of up to 99991231235959Z (i.e. Y10K) in an X.509 certificate. The limitation is purely an implementation issue — not only is it a fairly safe bet that a lot of software will crap itself on seeing a GeneralizedTime at all (since for dates before we MUST use UTCTime instead), but a lot of 32-bit implementations are known to break even for UTCTime values later than 2038. So certificates which do this are just not going to interoperate very well at all. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
