On Tue, Feb 27, 2018 at 11:04:10PM +0100, Holger Mikolon wrote:
> > hi.
> >
> > i wonder whether we could more simply just use the date format [YY]YY,
> > explain the 2050 cutoff, and forget about mentioning asn.1 time
> > structures.
> >
> > or do you think there is a practical reason why the user would need to
> > know it? i suspect not.
>
> Actually the mentioning of the asn.1 time structure helped me to identify
> the RFC 5280 and finally helped solve my parameter usage. If the man page
> was fixed, I couldn't anymore think of a practical reason to mention the
> structure.
>
good, it can probably go then. > > > > there is also "startdate" for openssl ca. we should probably do the same > > for that, assuming it applies. > > I have not checked startdate yet due to lack of time - and I did not > want to blindly assume whether it applies. I could spend some effort > on this next days. > > One remark to your diff below. > > Regards > Holger > > > > > so sth like the diff below. > > jmc > > > > Index: openssl.1 > > =================================================================== > > RCS file: /cvs/src/usr.bin/openssl/openssl.1,v > > retrieving revision 1.87 > > diff -u -r1.87 openssl.1 > > --- openssl.1 18 Feb 2018 07:43:55 -0000 1.87 > > +++ openssl.1 27 Feb 2018 21:38:06 -0000 > > @@ -360,8 +360,8 @@ > > The number of days to certify the certificate for. > > .It Fl enddate Ar date > > Set the expiry date. > > -The format of the date is YYMMDDHHMMSSZ > > -.Pq the same as an ASN.1 UTCTime structure . > > +The format of the date is [YY]YYMMDDHHMMSSZ, > > +with all four year digits required for dates after 2050. > > "dates after 2050" reads like "2051 and later" to me, which would be wrong. > It should rather be "dates after 31 Dec 2049". In other words: > You must specify 2049 as 49 and 2050 as 2050. > so dates *from* 2050, rather than after? but..."you *must* specify 2049 as 49": "2049" is valid, right? jmc > > .It Fl extensions Ar section > > The section of the configuration file containing certificate extensions > > to be added when a certificate is issued (defaults to > > @@ -492,8 +492,8 @@ > > A single self-signed certificate to be signed by the CA. > > .It Fl startdate Ar date > > Set the start date. > > -The format of the date is YYMMDDHHMMSSZ > > -.Pq the same as an ASN.1 UTCTime structure . > > +The format of the date is [YY]YYMMDDHHMMSSZ, > > +with all four year digits required for dates after 2050. > > .It Fl status Ar serial > > Show the status of the certificate with serial number > > .Ar serial . > > > > >
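Review bot: in the -enddate hunk (@@ -360,8 +360,8 @@), the added line "with all four year digits required for dates after 2050" is ambiguous at the boundary: it can be read as 2051 and later, while the reply in this thread puts the cutoff at the end of 2049. Wording such as "for dates from 2050 onwards" states the boundary without that ambiguity. The new text also no longer says how a two-digit year maps to a century, which the removed UTCTime reference implied; a short clause giving that range would let the reader choose the right form without looking up the ASN.1 type.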
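Review bot: the -startdate hunk (@@ -492,8 +492,8 @@) documents the [YY]YYMMDDHHMMSSZ form without it having been confirmed for this option; the thread says startdate has not been checked yet. Verify that -startdate accepts a four-digit year before committing this hunk, or keep the two-digit description here until it has been checked. The phrase "dates after 2050" carries the same boundary ambiguity as in the -enddate text, so both options should end up with identical, unambiguous wording.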