Time to blow up the source tree :-) This is the beginning of support for
GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be used but OpenSSL doesn't currently support it. This patch adds several files and a bunch of functions. Of interest is the ASN1_TIME structure and its related functions. At several points certificates, CRLs et al specify that a time can be expressed as a choice of UTCTime and GeneralizedTime. Currently OpenSSL interprets this (wrongly) as UTCTime because GeneralizedTime isn't supported. The ASN1_TIME stuff provides this functionality. Still todo is to trace which cert and CRL points need an ASN1_TIME and modify the utilities appropriately and of course fix all the bugs. Note new OpenSSL copyright in the new file a_time.c. I didn't put it in a_gentm.c because it is a minimally modified form a_utctm.c . Since this adds new files and error codes you will need to do a 'make errors' at the top level to add the new codes.
parent
c3ae9a48
Please register or sign in to comment