On 07/25/2013 04:50 AM, George Ross wrote: >> Just wondering if anyone knew what the expiration date format was back >> from eap-tls transactions? I have a cert here that expires 23/07/2015 >> and FR gives back "150723132302Z". >> That's a Z on the end..? > > <http://en.wikipedia.org/wiki/ISO_8601>.
Sorry, but "150723132302Z" is not 8601. https://en.wikipedia.org/wiki/ISO_8601 "150723132302Z" is universaTime a subset of ASN.1 GeneralizedTime http://www.obj-sys.com/asn1tutorial/node14.html http://luca.ntop.org/Teaching/Appunti/asn1.html (see section 5.17) universalTime is being used because certs are encoded in ASN.1, specifically they require the use of GeneralizedTime. The GeneralizedTime form was standardized before RFC 8601. The use of GeneralizedTime is an artifact of the certificate binary encoding format. I'm not sure that's the best presentation these days. I'd rather see GeneralizedTime values presented in 8601 format to be consistent with modern standards. To properly parse the universalTime format being used one has to understand the nuances of X509 certificate encoding which is expecting too much. I wonder if the OpenSSL library has an option or function to convert to 8601. -- John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html