Problem Description: When a digest has been signed and a response is produced, the current version of openssl will not verify the contents correctly if the certificate used to sign the digest has expired.
Solution: When verifying the response/token, the time at which the digest was signed is used by setting the time in the X509 store by using X509_STORE_CTX_set_time. I have attached a patch file to fix this. Brad
openssl-cert.patch
Description: Binary data
