Re: [openssl-project] Fractional seconds, etc.
Note: There was a reason why Emilias pull request #2668 was backported to 1.0.2, see github #6182: It was done to fix issue #4915. So if possible we should not revert it entirely but just try to relax the fractional seconds part. https://github.com/openssl/openssl/pull/6182 https://github.com/openssl/openssl/issues/4915 Matthias On 14.08.2018 14:47, Kurt Roeckx wrote: > On Tue, Aug 14, 2018 at 12:16:25PM +, Salz, Rich wrote: >> I think we should revert https://github.com/openssl/openssl/pull/2668 >> >> The stricter RFC compliance turns out to impact many certs embedded in >> devices. Some estimates had thousands to millions. It affects interop with >> IAIK and Bouncy Castle. >> >> I looked at the code, and tried to figure out how to just relax the >> fractional second code, but it wasn’t obvious. There is also a testcase that >> would need to be modified. And finally, it’s not clear that the seconds are >> the only compatibility issue we would be introducing. >> >> Unfortunately, this turns out to be a big breaking change, and doesn’t seem >> right for a dot release. > This seems to have been done in both the 1.0.2 and 1.1.0 after the > release. Do you want to revert it in both branches, but keep it in > 1.1.1? Or only revert it in 1.0.2? > > > Kurt > > ___ > openssl-project mailing list > openssl-project@openssl.org > https://mta.openssl.org/mailman/listinfo/openssl-project ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] Fractional seconds, etc.
>This seems to have been done in both the 1.0.2 and 1.1.0 after the release. Do you want to revert it in both branches, but keep it in 1.1.1? Or only revert it in 1.0.2? Keep the existing behavior for 1.0.2, 1.1.0 and 1.1.1. Sadly. And fix in a future release (I would re-open the PR and tag it) ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] Fractional seconds, etc.
On Tue, Aug 14, 2018 at 12:16:25PM +, Salz, Rich wrote: > I think we should revert https://github.com/openssl/openssl/pull/2668 > > The stricter RFC compliance turns out to impact many certs embedded in > devices. Some estimates had thousands to millions. It affects interop with > IAIK and Bouncy Castle. > > I looked at the code, and tried to figure out how to just relax the > fractional second code, but it wasn’t obvious. There is also a testcase that > would need to be modified. And finally, it’s not clear that the seconds are > the only compatibility issue we would be introducing. > > Unfortunately, this turns out to be a big breaking change, and doesn’t seem > right for a dot release. This seems to have been done in both the 1.0.2 and 1.1.0 after the release. Do you want to revert it in both branches, but keep it in 1.1.1? Or only revert it in 1.0.2? Kurt ___ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
