Yes, it’s annoying, but it’s historic. I looked into changing this at one point.
I recommend using ASN1_TIME_cmp_time_t() (from the master branch) instead, for the results you are expecting. -- -Todd Short // tsh...@akamai.com<mailto:tsh...@akamai.com> // "One if by land, two if by sea, three if by the Internet." On Sep 9, 2017, at 10:10 AM, Dmitry Belyavsky <beld...@gmail.com<mailto:beld...@gmail.com>> wrote: Hello, The X509_cmp_time function is documented as returning -1 or 1 on success and 0 on error. In fact it returns result of strcmp: int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { ... i = strcmp(buff1, buff2); if (i == 0) /* wait a second then return younger */ return -1; else return i; } According to documentation to the strcmp, The strcmp() and strncmp() functions return an integer less than, equal to, or greater than zero if s1 (or the first n bytes thereof) is found, respectively, to be less than, to match, or be greater than s2. It means (and have been met in practice) that X509_cmp_time() returns other values than 1/-1. So it seems reasonable to either update documentation or fix the behavior. Thank you! -- SY, Dmitry Belyavsky -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev