Re: in the department of "ain't no perfect"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Leaping into something where I really don't know what I am talking about, does not code signing do that routinely? I can install software signed with a certificate that has expired, provided it had not expired when the code was signed.

Does that help, or it is just useless chatter about something you already knew?

Charles


-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Eliot Lear
Sent: Tuesday, January 15, 2019 7:29 AM
To: openssl-users@xxxxxxxxxxx
Subject:  in the department of "ain't no perfect"

I realize things haven't been made easy to do this on purpose, and that there's even a comment in one of the man pages to that effect, but here goes...

I have an application that requires long-lived signatures, perhaps long past the point where the signer's cert has expired.  I'd like a way to extract the signature date from a CMS structure.  With all the opaque structs that have been introduced in the last few releases, it's not clear to me how to do that.  Any examples or guidance (other than don't do that)?

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux