On Thu, 2008-06-05 at 22:32 +0200, Dr. Stephen Henson wrote:
> Changing this is would involve including independent date routines
> which don't
> have this restriction. I did start on this some time ago but other
> higher
> priority tasks (e.g. paid ones!) took over.
>
Right. From a quick perusal it seems that ASN1_GENERAILZEDTIME_set
actually ends up breaking the time into a tm structure and that is what
eventually gets stored:
BIO_snprintf(p,len,"%04d%02d%0d2%0d2%02d%02dZ", ts->tm_year + 1900,
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
So, if there were routines that allowed you to add days to tm structures
(I assume days is the smallest unit of time used to generate
certificates), without having to convert to seconds, then we could avoid
the issue by doing all the math on a tm structure. I am sure it is
easier said then done.
Anyway, it sounds like it is currently generally accepted that on 32 bit
machines you can't generate certificates past 2038. That's really all I
was looking for here is that it's just generally accepted to be a
limitation.
Thanks
Chris Kottaridis ([EMAIL PROTECTED])
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
