you should be able to go to at least 2049, as the PKIX limit
is around 2050. I know some vendors have tested this.
At 06:28 PM 1/3/00 +0000, Andrew Cooke wrote:
>Hi,
>
>Not really a open-ssl bug, but it's interesting and I'm curious to hear
>how people will be dealing with it: has anyone tried to make a
>certificate that lasts for the next century? We tried (just because we
>were fed up with test certificates expiring) and found that we couldn't
>get past 2037, presumably because that's when "unix time" runs out of
>bits (although this was on NT).
>
>Presumably the fix is to link against a library which has t_time defined
>as something larger (or at least unsigned) - does such a library exist?
>
>As CRLs and certificate chaining become more popular, it seems, to me,
>that having long-lasting certificates will be more important - so I
>don't think ignoring the problem is the best solution....
>
>Andrew
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
