Re: Doubt regarding O-SSL and setting the duration of certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Le 13 sept. 2017 à 17:08, Michael Wojcik <Michael.Wojcik@xxxxxxxxxxxxxx> a écrit :
> 
>> From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf
>> Of Michael Richardson
>> Sent: Wednesday, September 13, 2017 09:32
>> 
>> I suspect that the value: literal value 99991231235959Z will simply come to
>> mean "the end of time", even after the year 10,000.  It has a well known
>> DER encoding, and one can memcmp() it.
> 
> Personally, I'm really hoping we're not still using ASN.1 in the year 10000.

Why not? ;)

X.680 relies in ISO8601 for the date/time definitions. GeneralizedTime uses the Basic format from ISO8601 for the date (year on 4 digits, month on 2 starting with 01, day on 2 starting with 01), liberal time of day (minutes and/or seconds can be omitted, optional fraction of second/minute/hour depending on what is included), and a timezone from -15h to +15h with a one hour or one minute accuracy, or Z for UTC.

BER accepts pretty much everything from this definition, DER has a few restrictions:
 - in ISO8601, there are 2 different midnights (00:00:00 and 24:00:00), the DER encoding requires such date/time to be transformed into 00:00:00 the day after
 - DER only accepts the « Z » timezone and not the +/-HH(MM) variant
 - DER requires the minutes and seconds to be present in the time of day, and no fraction of a second

In theory, the very last date/time expressed in ASN.1 is 99991231240000+1500, and it would be valid if expressed in BER. In DER, the very last date/time would have been 99991231235960Z (in case a positive leap second gets inserted that day), but something else was preferred. It’s still possible that there’s a negative leap second happening at that exact day, removing second 59 completely.
Just think of this as a magical value.

Cordialement,
Erwann Abalea

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux