On Thu, Apr 12, 2012, Ashok C wrote: > Hi, > > I had almost the same requirement and eventually achieved it by patching my > openssl package's x509_verify code to do the check_cert_time() method > optionally depending on some conditions. Ideally I feel openSSL should > provide a validation flag like > *X509_V_FLAG_IGNORE_LIFETIME **which would help in this case. I can see > many existing flags listed here.** * > http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html#VERIFICATION_FLAGS > > Is there any specific reason as to why OpenSSL does not want to support > this feature? >
You can achieve the same by either changing the check time (using X509_VERIFY_PARAM_set_time) or using the verify callback to override the error X509_V_ERR_CERT_HAS_EXPIRED. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org