On Mon, Feb 01, 2016 at 11:38:49PM +0000, Alex Rousskov via RT wrote:

> On 02/01/2016 02:32 PM, openssl-dev@openssl.org via RT wrote:
> 
> > Please be more explicit about what errors you feel were not reported.
> 
> One specific error mentioned during the previous discussion was "expired
> certificate". This was ~four years ago, so my recollection may be
> faulty, but I believe that was _not_ the only hidden error.

Expiration makes no sense for a certificate at the top of the chain;
it has no issuer, so the date is unsigned and meaningless.

> Back then, Stephen Henson semi-confirmed that some errors were hidden
> [because they were considered meaningless], so I hope we did not
> misdiagnose the issue. I do not know whether the code has changed since
> then.

I agree that the date is meaningless.  I do not agree that not
reporting "expiration" of such certificates is "hiding" an error.

IMHO, the code is correct as it stands.

-- 
        Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
