[openssl-dev] X509_cmp_time (possible) bug

Short, Todd tshort at akamai.com
Mon Sep 11 15:54:04 UTC 2017


Correct,

But if one wants strcmp()’s behavior (i.e. 0 is equality), ASN1_TIME_cmp_time_t() will work (and was written because X509_cmp_time() couldn’t be changed without breaking other things).
--
-Todd Short
// tshort at akamai.com
// "One if by land, two if by sea, three if by the Internet."

On Sep 11, 2017, at 10:43 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

> On Mon 2017-09-11 14:16:11 +0000, Short, Todd via openssl-dev wrote:
> > Yes, it’s annoying, but it’s historic. I looked into changing this at one point.
>
> I think Dimitry's point was that the documentation doesn't match the
> implementation because of the flexibility of strcmp's defined return
> code.
>
> However, i think commit 80770da39ebba0101079477611b7ce2f426653c5 ("X509
> time: tighten validation per RFC 5280") resolves Dmitry's concerns.
>
>        --dkg
