It is unfortunate that this thread started too late for the 1.0.2p release.
From: Rich Salz <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Tuesday, August 14, 2018 at 8:17 AM To: "[email protected]" <[email protected]> Subject: [openssl-project] Fractional seconds, etc. I think we should revert https://github.com/openssl/openssl/pull/2668<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_2668&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=NFSt4uz-42W1yIwTFT3988NhLENi-x3xIF_0KNx9XXA&s=FfwVGQiUXwDqWK-rb_RXmfBrLcJVj8SBwyX3cROuMkQ&e=> The stricter RFC compliance turns out to impact many certs embedded in devices. Some estimates had thousands to millions. It affects interop with IAIK and Bouncy Castle. I looked at the code, and tried to figure out how to just relax the fractional second code, but it wasn’t obvious. There is also a testcase that would need to be modified. And finally, it’s not clear that the seconds are the only compatibility issue we would be introducing. Unfortunately, this turns out to be a big breaking change, and doesn’t seem right for a dot release. Anyone feel otherwise?
_______________________________________________ openssl-project mailing list [email protected] https://mta.openssl.org/mailman/listinfo/openssl-project
