Re: [PATCH RESEND/V2] crypto: Ignore validity dates of X.509 certificates at loading/parsing time

Am 02.05.2013 16:09, schrieb Alexander Holler: > I don't see any real use case where checking the validity dates of X.509 > certificates at parsing time adds any security gain. In contrast, doing so > makes MODSIGN unusable on systems without a RTC (or systems with a possible >

[PATCH RESEND/V2] crypto: Ignore validity dates of X.509 certificates at loading/parsing time

r the keys got loaded). If something really cares about the dates, it should check them at the time when the certificates are used, not when they are loaded and parsed. So just remove the validity check of the dates in the parser. Signed-off-by: Alexander Holler Cc: sta...@vger.kernel.org --- Up

[PATCH] crypto: Ignore validity dates of X.509 certificates at loading/parsing time

r the keys got loaded). If something really cares about the dates, it should check them at the time when the certificates are used, not when they are loaded and parsed. So just remove the validity check of the dates in the parser. Signed-off-by: Alexander Holler Cc: sta...@vger.kernel.org Sid

Re: [PATCH] Fix x509_key_preparse() not to reject keys outside their validity time range

Am 14.03.2013 13:24, schrieb David Woodhouse: The x509_key_preparse() function will refuse to even *parse* a certificate when the system clock happens to be set to a time before the ValidFrom or after the ValidTo date. This is wrong. If date checks are to be done, they need to be done at the tim

[PATCH] crypto: Ignore validity dates of X.509 certificates by default

ff-by: Alexander Holler --- crypto/asymmetric_keys/Kconfig | 10 ++ crypto/asymmetric_keys/x509_public_key.c | 4 2 files changed, 14 insertions(+) diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index 6d2c2ea..333976f 100644 --- a/crypto/asymmetric