Hi,
Not really a open-ssl bug, but it's interesting and I'm curious to hear
how people will be dealing with it: has anyone tried to make a
certificate that lasts for the next century? We tried (just because we
were fed up with test certificates expiring) and found that we couldn't
get past 2037, presumably because that's when "unix time" runs out of
bits (although this was on NT).
Presumably the fix is to link against a library which has t_time defined
as something larger (or at least unsigned) - does such a library exist?
As CRLs and certificate chaining become more popular, it seems, to me,
that having long-lasting certificates will be more important - so I
don't think ignoring the problem is the best solution....
Andrew
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
