On Thu, Sep 16, 2004, Goetz Babin-Ebell wrote:

> Hi Steve,
>
> Dr. Stephen Henson wrote:
> >On Wed, Sep 15, 2004, Goetz Babin-Ebell wrote:
> >>
> >>Would something like the attached patch be acceptable ?
> >>(please ignore version info in the diff)
> >>
> >>This patch also adds checking of the revocation time against the checkTime
>
> >I'm not sure about that last bit and timezones. Although RFC3280 et al
> >prohibit CAs from using timezones it's not clear whether an implementation
> >has to process them correctly.
>
> Ough.
> OK, better safe than sorry...
>
> >The current code does by virtue of the way it can add
> >and subtract timezone offsets from the check time.
>
> >However something better would be needed to compare two ASN1_TIME
> >structures.
>
> Has anybody done an ASN1_TIME_cmp() already ?
>
> I'll look into it...
>

I've a suspended project (one of many!) that was designed to work around the
quirkiness of system time routines for some operations and work for expanded
time ranges such as those which GeneralizedTime can handle and confuse system
routines.

It would be able to handle ASN1_TIME_cmp() easily along with many other things
too. I'll dig it out.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
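
Added example, not part of the original thread and not OpenSSL code: one way to compare the text of two UTCTime/GeneralizedTime values, as discussed above, by normalizing any timezone offset to UTC with integer arithmetic instead of system time routines. The function names and the sample time strings used with it are assumptions made for illustration.

```c
/* Added example: hypothetical helper names, not OpenSSL API. */
#include <ctype.h>
#include <stdint.h>

/* Read n decimal digits at *p; -1 on a non-digit (never reads past NUL). */
static int digits(const char **p, int n) {
    int v = 0;
    while (n-- > 0) {
        if (!isdigit((unsigned char)**p)) return -1;
        v = v * 10 + (*(*p)++ - '0');
    }
    return v;
}

/* Days since 1970-01-01, proleptic Gregorian, without libc time routines. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400, yoe = y - era * 400;
    int64_t doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* UTCTime (gen == 0) or GeneralizedTime (gen != 0) text to UTC epoch seconds.
 * 0 on success, -1 if malformed; fractional seconds rejected, day only 1..31. */
int asn1_time_to_utc(const char *p, int gen, int64_t *out) {
    int y, mon, day, hh, mm, ss = 0, off = 0;
    if ((y = digits(&p, gen ? 4 : 2)) < 0) return -1;
    if (!gen) y += y < 50 ? 2000 : 1900;      /* RFC 3280 two-digit year rule */
    if ((mon = digits(&p, 2)) < 1 || mon > 12) return -1;
    if ((day = digits(&p, 2)) < 1 || day > 31) return -1;
    if ((hh = digits(&p, 2)) < 0 || hh > 23) return -1;
    if ((mm = digits(&p, 2)) < 0 || mm > 59) return -1;
    if (isdigit((unsigned char)*p) && ((ss = digits(&p, 2)) < 0 || ss > 59)) return -1;
    if (*p == '+' || *p == '-') {             /* local time with UTC offset */
        int sign = *p++ == '-' ? -1 : 1;
        int oh = digits(&p, 2), om = digits(&p, 2);
        if (oh < 0 || oh > 23 || om < 0 || om > 59) return -1;
        off = sign * (oh * 3600 + om * 60);
    } else if (*p++ != 'Z') return -1;        /* anything else must be Zulu */
    if (*p != '\0') return -1;                /* no trailing bytes allowed */
    *out = days_from_civil(y, mon, day) * 86400 + hh * 3600 + mm * 60 + ss - off;
    return 0;
}

/* -1, 0 or 1 for a before, equal to, after b; -2 if either fails to parse. */
int asn1_time_str_cmp(const char *a, int a_gen, const char *b, int b_gen) {
    int64_t ta, tb;
    if (asn1_time_to_utc(a, a_gen, &ta) || asn1_time_to_utc(b, b_gen, &tb)) return -2;
    return (ta > tb) - (ta < tb);
}
```

A byte-wise comparison of "0409161200+0200" and "040916100000Z" orders the first after the second, while both denote the same instant; the -2 return lets a caller treat an unparseable revocation time as a failure rather than as "not yet revoked".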