> hi. > > i wonder whether we could more simply just use the date format [YY]YY, > explain the 2050 cutoff, and forget about mentioning asn.1 time > structures. > > or do you think there is a practical reason why the user would need to > know it? i suspect not.
Actually the mentioning of the asn.1 time structure helped me to identify the RFC 5280 and finally helped solve my parameter usage. If the man page was fixed, I couldn't anymore think of a practical reason to mention the structure. > > there is also "startdate" for openssl ca. we should probably do the same > for that, assuming it applies. I have not checked startdate yet due to lack of time - and I did not want to blindly assume whether it applies. I could spend some effort on this next days. One remark to your diff below. Regards Holger > > so sth like the diff below. > jmc > > Index: openssl.1 > =================================================================== > RCS file: /cvs/src/usr.bin/openssl/openssl.1,v > retrieving revision 1.87 > diff -u -r1.87 openssl.1 > --- openssl.1 18 Feb 2018 07:43:55 -0000 1.87 > +++ openssl.1 27 Feb 2018 21:38:06 -0000 > @@ -360,8 +360,8 @@ > The number of days to certify the certificate for. > .It Fl enddate Ar date > Set the expiry date. > -The format of the date is YYMMDDHHMMSSZ > -.Pq the same as an ASN.1 UTCTime structure . > +The format of the date is [YY]YYMMDDHHMMSSZ, > +with all four year digits required for dates after 2050. "dates after 2050" reads like "2051 and later" to me, which would be wrong. It should rather be "dates after 31 Dec 2049". In other words: You must specify 2049 as 49 and 2050 as 2050. > .It Fl extensions Ar section > The section of the configuration file containing certificate extensions > to be added when a certificate is issued (defaults to > @@ -492,8 +492,8 @@ > A single self-signed certificate to be signed by the CA. > .It Fl startdate Ar date > Set the start date. > -The format of the date is YYMMDDHHMMSSZ > -.Pq the same as an ASN.1 UTCTime structure . > +The format of the date is [YY]YYMMDDHHMMSSZ, > +with all four year digits required for dates after 2050. > .It Fl status Ar serial > Show the status of the certificate with serial number > .Ar serial . > >
