[openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
Kurt Roeckx
kurt at roeckx.be
Wed Jul 22 22:29:52 UTC 2015
On Wed, Jul 22, 2015 at 10:34:53PM +0100, David Woodhouse wrote:
> On Wed, 2015-07-22 at 23:29 +0200, Kurt Roeckx wrote:
> > On Wed, Jul 22, 2015 at 09:56:24PM +0100, David Woodhouse wrote:
> >
> > The whole point of this signed timestamp is that the signature
> > doesn't expire and that you don't have to care about the wall
> > clock.
>
> ... which is much more simply achieved by just not caring about the
> validity times of the certificate in the first place.
In case of a timestamp you can reduce the check to verify that the
timestamp was in the validity period of the certificate.
Kurt
More information about the openssl-dev
mailing list