[openssl-dev] [openssl.org #3951] [RFC][PATCH] Allow certificate time checks to be disabled
David Woodhouse via RT
rt at openssl.org
Fri Jul 31 07:54:56 UTC 2015
On Fri, 2015-07-31 at 03:09 +0000, Salz, Rich wrote:
> > If requested, I can still provide a patch with the alternative variant of using a
> > X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a
> > 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time().
>
> Yes, please.
[dwoodhou at i7 apps]$ ./openssl verify ~/.cert.20100813/certificate.pem
C = US, O = Intel Corporation, CN = Intel Intranet Basic Issuing CA 1B
error 10 at 1 depth lookup:certificate has expired
DC = com, DC = intel, DC = corp, DC = ger, OU = Workers, CN = "Woodhouse, David", emailAddress = david.woodhouse at intel.com
error 10 at 0 depth lookup:certificate has expired
/home/dwmw2/.cert.20100813/certificate.pem: OK
[dwoodhou at i7 apps]$ ./openssl verify -no_check_time ~/.cert.20100813/certificate.pem
/home/dwmw2/.cert.20100813/certificate.pem: OK
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-RT3951-Add-X509_V_FLAG_NO_CHECK_TIME-to-suppress-tim.patch
Type: text/x-patch
Size: 4752 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150731/2ff133b4/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150731/2ff133b4/attachment-0003.bin>
More information about the openssl-dev
mailing list