I think we should revert https://github.com/openssl/openssl/pull/2668
The stricter RFC compliance turns out to impact many certs embedded in devices. Some estimates had thousands to millions. It affects interop with IAIK and Bouncy Castle. I looked at the code, and tried to figure out how to just relax the fractional second code, but it wasn’t obvious. There is also a testcase that would need to be modified. And finally, it’s not clear that the seconds are the only compatibility issue we would be introducing. Unfortunately, this turns out to be a big breaking change, and doesn’t seem right for a dot release. Anyone feel otherwise?
_______________________________________________ openssl-project mailing list openssl-project@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-project
