It has been fixed in libressl and openssl 1.1.1, so I am fine. I rely
upon your expertise that the problem doesn't have to be fixed in 1.1.0.
Thanx for your support
Harri
Please don't underestimate this problem. openssl creates bad
certificates here without telling. It is *highly* annoying
if you are affected by a bad root certificate you already used
for setting up a private PKI and then detect the problem on
a platform with a better ssl implementation.
I would hi
On Thu, 11 May 2017 18:42:17 +0200 Kurt Roeckx wrote:
> On Thu, May 11, 2017 at 02:59:20PM +0200, Harald Dunkel wrote:
>>
>> Please note the "-enddate 20451231235959Z" and compare with RFC
>> 5280 section 4.1.2.5 (https://www.ietf.org/rfc/rfc5280.txt). The
>> GeneralizedTime format is not allowed
On Thu, May 11, 2017 at 02:59:20PM +0200, Harald Dunkel wrote:
>
> Please note the "-enddate 20451231235959Z" and compare with RFC 5280
> section 4.1.2.5 (https://www.ietf.org/rfc/rfc5280.txt). The GeneralizedTime
> format is not allowed for 2045, but apparently openssl doesn't convert
> the str
Package: openssl
Version: 1.1.0e-1
If I create a self-signed certificate with a bad notAfter field,
then openssl doesn't complain. Sample session:
% mkdir -p ca/root-ca/private ca/root-ca/db crl certs
% chmod 700 ca/root-ca/private
% cp /dev/null ca/root-ca/db/root-ca.db
% cp /dev/null ca/root-ca
5 matches
Mail list logo
