On Thu, Jun 05, 2008 at 01:23:05PM -0600, Chris Kottaridis wrote:
> >seriously 30 year certificate?
>
> That was my initial response, but that's what a customer wants.
>
> I was hoping to be retired before I had to worry about this limit. It
> does seem to be something that people want to do and I was just
> wondering if there was a plan in place to fix it. In checking the web on
> this I found at least one site describing how to generate certificates
> that made mention to not set the certificate value to over 2038 so it's
> clear it's known and bumped into from time to time.
>
> Is there a plan to circumvent the limit, as opposed to just saying stay
> within 2038 ?
Suppose your machine is able to verify it (by deploying an SSL library
that has a 64-bit time_t), does it really help you? How well do you
control the population of clients that verify this certificate?
OpenSSL built in an LP64 compilation environment should (AFAIK) not have
any trouble with 2038.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
