[gnutls-devel] GnuTLS | Certificate verification: validity period format check (#1620)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Dec 10 09:57:57 CET 2024
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1620#note_2250259729
I don't think this is a bug. RFC 5280 says:
> CAs conforming to this profile MUST always encode certificate
> validity dates through the year 2049 as UTCTime; certificate validity
> dates in 2050 or later MUST be encoded as GeneralizedTime.
> Conforming applications MUST be able to process validity dates that
> are encoded in either UTCTime or GeneralizedTime.
That says, while CA should *use* UTCTime to encode the date, applications that decode the date should be able to process both formats.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1620#note_2250259729
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241210/2d93b341/attachment.html>
More information about the Gnutls-devel
mailing list