[openssl-project] Fractional seconds, etc.
Kurt Roeckx
kurt at roeckx.be
Tue Aug 14 12:47:12 UTC 2018
On Tue, Aug 14, 2018 at 12:16:25PM +0000, Salz, Rich wrote:
> I think we should revert https://github.com/openssl/openssl/pull/2668
>
> The stricter RFC compliance turns out to impact many certs embedded in devices. Some estimates had thousands to millions. It affects interop with IAIK and Bouncy Castle.
>
> I looked at the code, and tried to figure out how to just relax the fractional second code, but it wasn’t obvious. There is also a testcase that would need to be modified. And finally, it’s not clear that the seconds are the only compatibility issue we would be introducing.
>
> Unfortunately, this turns out to be a big breaking change, and doesn’t seem right for a dot release.
This seems to have been done in both the 1.0.2 and 1.1.0 after the
release. Do you want to revert it in both branches, but keep it in
1.1.1? Or only revert it in 1.0.2?
Kurt
More information about the openssl-project
mailing list