Note: There was a reason why Emilias pull request #2668 was backported to 1.0.2, see github #6182: It was done to fix issue #4915. So if possible we should not revert it entirely but just try to relax the fractional seconds part.
https://github.com/openssl/openssl/pull/6182 https://github.com/openssl/openssl/issues/4915 Matthias On 14.08.2018 14:47, Kurt Roeckx wrote: > On Tue, Aug 14, 2018 at 12:16:25PM +0000, Salz, Rich wrote: >> I think we should revert https://github.com/openssl/openssl/pull/2668 >> >> The stricter RFC compliance turns out to impact many certs embedded in >> devices. Some estimates had thousands to millions. It affects interop with >> IAIK and Bouncy Castle. >> >> I looked at the code, and tried to figure out how to just relax the >> fractional second code, but it wasn’t obvious. There is also a testcase that >> would need to be modified. And finally, it’s not clear that the seconds are >> the only compatibility issue we would be introducing. >> >> Unfortunately, this turns out to be a big breaking change, and doesn’t seem >> right for a dot release. > This seems to have been done in both the 1.0.2 and 1.1.0 after the > release. Do you want to revert it in both branches, but keep it in > 1.1.1? Or only revert it in 1.0.2? > > > Kurt > > _______________________________________________ > openssl-project mailing list > openssl-project@openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-project _______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
