Hello, There seemes to be a kind of Y2K bug in openssl: The function X509_cmp_current_time in x509_vfy.c doesn't make a difference between UTCTIME and GENERALIZEDTIME formats, so certifcates with a 4-digit year representation won't be verified correctly (like: format error in "notBefore" field), when one uses the "internal verify"-functionality. I've added if (ctm->type == V_ASN1_GENERALIZEDTIME) str = str+2; as a patch in the function (which ignored the first 2 digits, however). Kai ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]