Hi Lutz,

On 18/04/2008, Lutz Jaenicke <[EMAIL PROTECTED]> wrote:
>
> Anri Lau wrote:
> > Hi All,
> >
> > Anyone know how many rules should be performed when building a TLS
> > connection?
> > I have some test cases. The certificate time is not valid, validation
> > failed. But the certificate passed if the validity dates of the child
> > certificate are not contained within the validity
> > dates of the parent certificate.
> >
> > As I know, both of the above are the standard rules of digital certificates.
>
> I am not sure whether I understand you correctly. If the validity dates of
> the child certificate are not contained within the parent certificate,
> there should be no date at which both of them are valid at the same time!?
> Or do you mean that they somewhat overlap and the current date is
> within the overlapping region?

This rule is independent of the current time. For example, if the validity dates of the parent certificate are 2008/04/18~2009/04/18 and those of the child certificate are 2008/06/18~2009/06/18 or 2008/03/18~2009/03/18, the certificate chain should be invalid. The validity dates of the child certificate should be within those of the parent (2008/04/18~2009/04/18).

Best regards,
>
> Lutz
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>

--
Best regards to you and your family
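
Added example, not part of the original message and not OpenSSL code: a small Python model of the two checks discussed in this thread, run over the validity periods quoted above. The function names and the verification dates are assumptions chosen for illustration; it contrasts "every certificate is valid at the verification time" with "the child's period is contained in the parent's".

```python
from datetime import date

# Constructed sample data: the validity periods quoted in the message above.
PARENT = (date(2008, 4, 18), date(2009, 4, 18))
CHILD_LATE = (date(2008, 6, 18), date(2009, 6, 18))
CHILD_EARLY = (date(2008, 3, 18), date(2009, 3, 18))


def valid_at(chain, when):
    """True if every certificate is inside its own validity period at `when`."""
    return all(not_before <= when <= not_after for not_before, not_after in chain)


def nested(chain):
    """True if each certificate's period lies within its issuer's period.

    `chain` is ordered leaf first, issuer after it (hypothetical layout).
    This check does not look at the current time at all.
    """
    return all(
        p_nb <= c_nb and c_na <= p_na
        for (c_nb, c_na), (p_nb, p_na) in zip(chain, chain[1:])
    )


def common_window(chain):
    """Interval in which all certificates are valid at once, or None."""
    start = max(not_before for not_before, _ in chain)
    end = min(not_after for _, not_after in chain)
    return (start, end) if start <= end else None


def evaluate(chain, when):
    """Run both checks so the cases where they disagree are visible."""
    return {
        "valid_at": valid_at(chain, when),
        "nested": nested(chain),
        "common_window": common_window(chain),
    }


if __name__ == "__main__":
    for name, child in (("late child", CHILD_LATE), ("early child", CHILD_EARLY)):
        print(name, evaluate([child, PARENT], date(2008, 7, 1)))
```

For both child certificates from the message, the time-based check passes on any date inside the overlapping window while the containment check fails, which is the difference between the two readings in this thread.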