Correct, But if one want’s strcmp()’s behavior (i.e. 0 is equality), ASN1_TIME_cmp_time_t() will work (and was written because X509_cmp_time() couldn’t be changed without breaking other things). -- -Todd Short // tsh...@akamai.com<mailto:tsh...@akamai.com> // "One if by land, two if by sea, three if by the Internet."
On Sep 11, 2017, at 10:43 AM, Daniel Kahn Gillmor <d...@fifthhorseman.net<mailto:d...@fifthhorseman.net>> wrote: On Mon 2017-09-11 14:16:11 +0000, Short, Todd via openssl-dev wrote: Yes, it’s annoying, but it’s historic. I looked into changing this at one point. I think Dimitry's point was that the documentation doesn't match the implementation because of the flexibility of strcmp's defined return code. However, i think commit 80770da39ebba0101079477611b7ce2f426653c5 ("X509 time: tighten validation per RFC 5280") resolves Dmitry's concerns. --dkg
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev