Salz, Rich wrote:
>
> The attached CRL shows a date formatting bug in OpenSSL, a snapshot
> downloaded last night. (It also appears in 0.9.2)
>
> To see it, save this to a file "foo" and do
> openssl crl -in foo | openssl crl
Thanks it was an encoding bug. It was still using some of the older code
that encoded the thisUpdate field as UTCTime instead of Time and it
didn't get properly changed.
It hasn't been spotted until now because CRLs don't normally encode
lastUpdate as GeneralizedTime which is a bit naughty (see RFC2459).
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
