On Mon, Dec 20, 2010 at 10:49:57AM -0800, travis+ml-open...@subspacefield.org wrote:
> libnss, at least on Linux, checks that the signing cert (chain) is valid
> at the time of signature - as opposed to present time. (It may check
> present time as well - not sure on that)
>
> This makes for problems if you renew the cert, since the new cert will
> have a creation (start) date of the current time, after the object was
> signed.

A signed object (S/MIME, CMS) normally carries the certificate chain
(at time of signing) with it. So certificate renewal in no way impedes
signature verification.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org