[openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled

Kurt Roeckx via RT rt at openssl.org
Wed Jul 22 20:40:11 UTC 2015


On Wed, Jul 22, 2015 at 04:36:27PM +0100, David Woodhouse wrote:
> On Wed, 2015-07-22 at 14:52 +0000, Tim Hollebeek wrote:
> > The way this is supposed to work is by using a timestamp from a 
> > trusted timestamp server to show the certificate was valid at the 
> > time the code was signed.
> 
> That would be great. Unfortunately, if the UEFI firmware were suddenly
> to start insisting upon that then a lot of operating systems would no
> longer boot.

Which operating systems would that be?  As far as I know Windows 7
required this if you wanted to have your drivers stay valid for
longer than 2 years and Windows 10 just always requires it.  So I
would hope that they actually do this for all of their own
software.


Kurt



