On Tue, 2015-07-28 at 11:00 +0000, Salz, Rich via RT wrote: > It seems that the simplest and most obvious thing is to indicate that > you don't care about the dates, which is what this patch does.
Obviously I agree, but life's too short to argue about it and I *do* have a viable alternative, with a verify_cb function that just ignores X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED. So (for the record) I've submitted patches to EDKII which do precisely that, and I don't depend on this patch any more. Close the RT if you wish. Having said that, if OpenSSL *does* gain this functionality then I'll happily change the EDKII code to make use of it, because I think it's the better approach. If requested, I can still provide a patch with the alternative variant of using a X509_V_FLAG_NO_CHECK_TIME flag if that's considered better than using a 'special' time of (time_t)-1 with X509_VERIFY_PARAM_set_time(). -- David Woodhouse Open Source Technology Centre [email protected] Intel Corporation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
