[openssl-project] Fractional seconds, etc.
Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Tue Aug 14 13:55:13 UTC 2018
Note: There was a reason why Emilias pull request #2668 was backported to 1.0.2,
see github #6182: It was done to fix issue #4915. So if possible we should not
revert it entirely but just try to relax the fractional seconds part.
https://github.com/openssl/openssl/pull/6182
https://github.com/openssl/openssl/issues/4915
Matthias
On 14.08.2018 14:47, Kurt Roeckx wrote:
> On Tue, Aug 14, 2018 at 12:16:25PM +0000, Salz, Rich wrote:
>> I think we should revert https://github.com/openssl/openssl/pull/2668
>>
>> The stricter RFC compliance turns out to impact many certs embedded in devices. Some estimates had thousands to millions. It affects interop with IAIK and Bouncy Castle.
>>
>> I looked at the code, and tried to figure out how to just relax the fractional second code, but it wasn’t obvious. There is also a testcase that would need to be modified. And finally, it’s not clear that the seconds are the only compatibility issue we would be introducing.
>>
>> Unfortunately, this turns out to be a big breaking change, and doesn’t seem right for a dot release.
> This seems to have been done in both the 1.0.2 and 1.1.0 after the
> release. Do you want to revert it in both branches, but keep it in
> 1.1.1? Or only revert it in 1.0.2?
>
>
> Kurt
>
> _______________________________________________
> openssl-project mailing list
> openssl-project at openssl.org
> https://mta.openssl.org/mailman/listinfo/openssl-project
More information about the openssl-project
mailing list