API for Certificate checking without date checks
Hal Murray
halmurray+openssl at sonic.net
Tue Mar 5 06:22:36 UTC 2024
Context is the chicken and egg problem of using TLS before a system knows the
time.

I work on NTP software. NTP uses NTS (Network Time Security) which uses TLS
to make sure it is talking to the right servers.

I'm trying to figure out how to get started on a system that doesn't know the
time yet. (Many low cost systems like the Raspberry Pi don't have a battery
backed clock.)

I think I want to try something like:
  Do everything except check the time on certificates
  Get the time, assuming those certificates are valid.
  Now check to see if those certificates were valid.

The command line tools have -no_check_time

Is there something similar in the API? I've looked, but maybe not in the
right place.

If not, any suggestions for good code to copy?

--
These are my opinions. I hate spam.