On Mon, Feb 01, 2016 at 11:38:49PM +0000, Alex Rousskov via RT wrote:
> On 02/01/2016 02:32 PM, openssl-dev@openssl.org via RT wrote:
>
> > Please be more explicit about what errors you feel were not reported.
>
> One specific error mentioned during the previous discussion was "expired
> certificate". This was ~four years ago, so my recollection may be
> faulty, but I believe that was _not_ the only hidden error.
Expiration makes no sense for a certificate at the top of the chain,
it has no issuer, so the date is unsigned and meaningless.
> Back then, Stephen Henson semi-confirmed that some errors were hidden
> [because they were considered meaningless], so I hope we did not
> misdiagnose the issue. I do not know whether the code has changed since
> then.
I agree that the date is meaningless. I do not agree that not
reporting "expiration" of such certificates is "hiding" an error.
IMHO, the code is correct as it stands.
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
