[openssl-dev] id-kp-OCSPSigning extended key usage

2017-09-11 Thread Winter Mute
Hello, The RFC states that:
> OCSP signing delegation SHALL be designated by the inclusion of
> id-kp-OCSPSigning in an extended key usage certificate extension
> included in the OCSP response signer's certificate.
The use of "SHALL" rather

Re: [openssl-dev] X509_cmp_time (possible) bug

2017-09-11 Thread Short, Todd via openssl-dev
Correct, But if one wants strcmp()’s behavior (i.e. 0 is equality), ASN1_TIME_cmp_time_t() will work (and was written because X509_cmp_time() couldn’t be changed without breaking other things). -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea,

Re: [openssl-dev] X509_cmp_time (possible) bug

2017-09-11 Thread Daniel Kahn Gillmor
On Mon 2017-09-11 14:16:11 +, Short, Todd via openssl-dev wrote:
> Yes, it’s annoying, but it’s historic. I looked into changing this at one
> point.
I think Dimitry's point was that the documentation doesn't match the implementation because of the flexibility of strcmp's defined return

Re: [openssl-dev] X509_cmp_time (possible) bug

2017-09-11 Thread Short, Todd via openssl-dev
Yes, it’s annoying, but it’s historic. I looked into changing this at one point. I recommend using ASN1_TIME_cmp_time_t() (from the master branch) instead, for the results you are expecting. -- -Todd Short // tsh...@akamai.com // "One if by land, two if by sea, three if

Re: [openssl-dev] Openssl and MAC KeyChain tool Integration

2017-09-11 Thread Matt Hart
My understanding is there currently is no OpenSSL engine for the MacOSX chain services. It would be nice to have and I really wish I had time to collaborate on such a project, using Stephen Henson's CAPI work as a template. Currently I would suggest following the same model as OpenSSL for other