[openssl-users] Custom lastUpdate in CRL

Rishi Pathak maverick.rishi at gmail.com
Fri Sep 9 14:37:46 UTC 2016


Hi Jakob,
     Thanks. It solved my problem for now. I agree with your suggestion.
In our scenario this would be a regular thing for coming years and will
not be seen as standard way for operations.

--
Rishi Pathak

On Fri, Sep 9, 2016 at 5:00 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote:

> On 09/09/2016 12:11, Rishi Pathak wrote:
>
>> Hi,
>>        For a reason we require lastUpdate to be set to a date in the
>> previous year, with
>> nextUpdate a year from now in our CRL. Search on google led me to a patch
>> which
>> allows use of startDate/endDate for CRL generation as well apart from
>> certificates.
>> Seems like 1.0-1 does not have it. Any pointers to how I can achieve this
>> using
>> OpenSSL(version) or another utility, preferably on Linux.
>>
>> For such tasks, I currently use the faketime utility program
> to run the openssl command line tool in a context with the
> data artificially set to the desired time in the past.
>
> I have previously suggested that an "as of" time argument
> be added to certificate and signature validation operations,
> and your use case suggests the same for issuance and signing
> operations as well.
>
> In fact, it seems the general solution (in future OpenSSL
> updates) would be for all operations that use the "current
> time/date" to accept an alternative value of that as an
> argument.
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
-------------This message is sent with 100% recycled electrons-----------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160909/f64ceeb9/attachment.html>


More information about the openssl-users mailing list