[openssl-dev] X509_cmp_time (possible) bug
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Sep 11 14:43:27 UTC 2017
On Mon 2017-09-11 14:16:11 +0000, Short, Todd via openssl-dev wrote:
> Yes, it’s annoying, but it’s historic. I looked into changing this at one point.
I think Dimitry's point was that the documentation doesn't match the
implementation because of the flexibility of strcmp's defined return
code.
However, i think commit 80770da39ebba0101079477611b7ce2f426653c5 ("X509
time: tighten validation per RFC 5280") resolves Dmitry's concerns.
--dkg
More information about the openssl-dev
mailing list