[openssl-project] Fractional seconds, etc.

Salz, Rich rsalz at akamai.com
Tue Aug 14 12:18:54 UTC 2018

It is unfortunate that this thread started too late for the 1.0.2p release.

From: Rich Salz <rsalz at akamai.com>
Reply-To: "openssl-project at openssl.org" <openssl-project at openssl.org>
Date: Tuesday, August 14, 2018 at 8:17 AM
To: "openssl-project at openssl.org" <openssl-project at openssl.org>
Subject: [openssl-project] Fractional seconds, etc.

I think we should revert https://github.com/openssl/openssl/pull/2668<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_2668&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=NFSt4uz-42W1yIwTFT3988NhLENi-x3xIF_0KNx9XXA&s=FfwVGQiUXwDqWK-rb_RXmfBrLcJVj8SBwyX3cROuMkQ&e=>

The stricter RFC compliance turns out to impact many certs embedded in devices.  Some estimates had thousands to millions.  It affects interop with IAIK and Bouncy Castle.

I looked at the code, and tried to figure out how to just relax the fractional second code, but it wasn’t obvious. There is also a testcase that would need to be modified. And finally, it’s not clear that the seconds are the only compatibility issue we would be introducing.

Unfortunately, this turns out to be a big breaking change, and doesn’t seem right for a dot release.

Anyone feel otherwise?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-project/attachments/20180814/40eaff63/attachment-0001.html>

More information about the openssl-project mailing list