On Wed, 06 Mar 2019 10:52:44 +0100, Jan Just Keijser wrote: > as a follow-up: Richard's analysis/suspicion was spot on. > However, it was the *server* side certificate that was causing the > error, and the server certificate does indeed contain a poorly > formatted date: > > $ openssl asn1parse -in server.crt | grep UTC > 157:d=3 hl=2 l= 13 prim: UTCTIME :091022132829Z > 172:d=3 hl=2 l= 17 prim: UTCTIME :370308132808+0000 I'm glad I could help find the answer. > OpenSSL 1.0.x groks this, 1.1+ does not. Yup, 1.1+ is stricter regarding these things. Cheers, Richard -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/
