Hi, I noticed a different behaviour between v0.9.8h and v0.9.8i when printing dates of my certificates and crls. for example (I patched file crypto/asn1/t_x509.c to print value of tm->length after the date) :
[EMAIL PROTECTED]/usr/local/src/openssl-0.9.8i/apps/openssl x509 -in /etc/ssl/stunnel/serveur-cert.pem -startdate -noout notBefore=Oct 24 09:29:00 2008 GMT (i=10) [EMAIL PROTECTED]/usr/local/src/openssl-0.9.8h/apps/openssl x509 -in /etc/ssl/stunnel/serveur-cert.pem -startdate -noout notBefore=Oct 24 09:29:19 2008 GMT (i=10) Seconds are not printed in v0.9.8i, which is normal since there is a check if tm->length < 12 (line 432 of crypto/asn1/t_x509.c). I conclude that the field 'tm->length' seems not to be coherent with the field 'tm->data'. I cannot go further in my investigation for the moment. My problem is that I have my server running v0.9.8i which print logs with seconds set to 0, and a remote agent which runs v0.9.8g (I do not control the version of the agent) . The agent verifies that the logs are coherent with the certificate the server ought to use : it complains that seconds are not the same... I attach my certificate used in this test (made with openssl v0.9.8g) I Hope someone can help. Christophe
serveur-cert.pem
Description: Binary data
