om: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kyle Hamilton
Sent: Wednesday, 3 December 2008 7:04 AM
To: openssl-dev@openssl.org
Subject: Re: [PATCH] ts verify for expired certificate patch
On Mon, Dec 1, 2008 at 9:13 PM, Brad Mitchell <[EMAIL PROTECTED]>
wrote:
> I d
On Mon, Dec 1, 2008 at 9:13 PM, Brad Mitchell <[EMAIL PROTECTED]> wrote:
> I don't think there is anything in the openssl (ts) functions to accept
> revocation to make this decision anyway.
External daemons do exist, such as (e.g.)
http://www.carillon.ca/tools/pathfinder.php
> At the end of the d
On Mon, Dec 1, 2008 at 8:53 PM, David Schwartz <[EMAIL PROTECTED]> wrote:
>
>> Problem Description:
>> When a digest has been signed and a response is produced,
>> the current version of openssl will not verify the contents
>> correctly if the certificate used to sign the digest has expired.
>> Sol
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of David Schwartz
Sent: Tuesday, 2 December 2008 2:54 PM
To: openssl-dev@openssl.org
Subject: RE: [PATCH] ts verify for expired certificate patch
> Problem Description:
> When a digest has been signed and a response is produced,
> the
> Problem Description:
> When a digest has been signed and a response is produced,
> the current version of openssl will not verify the contents
> correctly if the certificate used to sign the digest has expired.
> Solution:
> When verifying the response/token, the time at which the digest was
> s