On Mon, Apr 08, 2024 at 05:53:47PM -0500, Ted Wynnychenko wrote:
> Thanks for the suggestion.
> The workaround does work, and creates (essentially) the same certificate,
> but one that does not fail verification with the new libressl.
> I did notice the option of not have the leading "20" for dates before 2050,
> but I did not know enough to try doing that.
Great. openssl ca should be smart enough to do that for you. It tried
to, but failed due to a bug. This will be fixed in the next release:
https://github.com/openbsd/src/commit/72c7c57a68e32c57ac752161b5a93464ad11e7e1
The incomprehensible verification error is another bug and that will
also be fixed.
No comments:
Post a Comment