[openssl-project] Fractional seconds, etc.

Salz, Rich rsalz at akamai.com
Tue Aug 14 12:16:25 UTC 2018


I think we should revert https://github.com/openssl/openssl/pull/2668

The stricter RFC compliance turns out to impact many certs embedded in devices.  Some estimates had thousands to millions.  It affects interop with IAIK and Bouncy Castle.

I looked at the code, and tried to figure out how to just relax the fractional second code, but it wasn’t obvious. There is also a testcase that would need to be modified. And finally, it’s not clear that the seconds are the only compatibility issue we would be introducing.

Unfortunately, this turns out to be a big breaking change, and doesn’t seem right for a dot release.

Anyone feel otherwise?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20180814/5f7fcdd3/attachment.html>


More information about the openssl-project mailing list