>OpenSSL doesn't fully support BER encoded GeneralizedTime however for
>many of the purposes which it is used in OpenSSL (e.g. in certificates)
>the full form isn't allowed. For example from RFC2259 4.1.2.5.2:
>
>> For the purposes of this profile, GeneralizedTime values MUST be
>> expressed Greenwich Mean Time (Zulu) and MUST include seconds (i.e.,
>> times are YYYYMMDDHHMMSSZ), even where the number of seconds is zero.
>> GeneralizedTime values MUST NOT include fractional seconds.
>
Thank you for your answer.
Yes of course you're right for RFC 2459, but in the RFC 3161 that defines
the
Time Stamp Protocol:
The ASN.1 GeneralizedTime syntax can include fraction-of-second
details. Such syntax, without the restrictions from [RFC 2459]
Section 4.1.2.5.2, where GeneralizedTime is limited to represent the
time with a granularity of one second, may be used here.
GeneralizedTime values MUST include seconds. However, when there is
no need to have a precision better than the second, then
GeneralizedTime with a precision limited to one second SHOULD be used
(as in [RFC 2459]).
The syntax is: YYYYMMDDhhmmss[.s...]Z
Example: 19990609001326.34352Z
And are also mentioned the DER encoding rules of X.690 for the same case.
Therefore we need to a little patch for
the function ASN1_GENERALIZEDTIME_check in order to be able
to accept time as indicated in the above example
Regards,
MD
__________________________________________________________________
Abbonati a Tiscali!
Con VoceViva puoi anche ascoltare ed inviare email al telefono.
Chiama VoceViva all' 892 800 http://voceviva.tiscali.it
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
