Fencepost errors in certificate and OCSP validity
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Oct 28 15:44:36 UTC 2020
On Wed, Oct 28, 2020 at 04:32:56PM +0100, Jakob Bohm via openssl-users wrote:
> Recently, the EJBCA developers publicly warned (via the Mozilla root store
> policy mailing list) other CA vendors that they had incorrectly implemented
> the handling of the "notAfter" X509 field, resulting in certificates that
> lasted 1 second longer than intended.
I think that's patently ridiculous. I'm inclined to dismiss any bug
reports along these lines with prejudice.
--
Viktor.
More information about the openssl-users
mailing list