[openssl-project] Fractional seconds, etc.
Salz, Rich
rsalz at akamai.com
Tue Aug 14 12:16:25 UTC 2018
I think we should revert https://github.com/openssl/openssl/pull/2668
The stricter RFC compliance turns out to impact many certs embedded in devices. Some estimates had thousands to millions. It affects interop with IAIK and Bouncy Castle.
I looked at the code, and tried to figure out how to just relax the fractional second code, but it wasn’t obvious. There is also a testcase that would need to be modified. And finally, it’s not clear that the seconds are the only compatibility issue we would be introducing.
Unfortunately, this turns out to be a big breaking change, and doesn’t seem right for a dot release.
Anyone feel otherwise?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20180814/5f7fcdd3/attachment.html>
More information about the openssl-project
mailing list