Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xmlsec-nss: Option to ignore certificate validity expiry time #852

Open
jignatius opened this issue Nov 5, 2024 · 1 comment
Open

xmlsec-nss: Option to ignore certificate validity expiry time #852

jignatius opened this issue Nov 5, 2024 · 1 comment
Labels
enhancement low-priority

Comments

@jignatius
Copy link

openssl provides the -no_check_time option to "ignore certificate validity time".

Example:

$ openssl verify -CAfile cert1.pem  -CApath ./ cert2.pem  
...
error 10 at 1 depth lookup: certificate has expired
...
error 10 at 0 depth lookup: certificate has expired
error cert2.pem: verification failed

$ openssl verify -no_check_time -CAfile cert1.pem -CApath ./ cert2.pem  
cert2.pem: OK

It would be useful to have a "no check time" option in xmlsec too.
This was referenced Nov 6, 2024
Merged
Merged
@lsh123
Copy link
Owner

lsh123 commented Nov 20, 2024

There is no easy way to skip timestamp checks in NSS. Will keep the issue open for the future if NSS provides new APIs.

@lsh123 lsh123 changed the title Option to ignore certificate validity expiry time (xmlsec-nss) Option to ignore certificate validity expiry time Nov 20, 2024
@lsh123 lsh123 changed the title (xmlsec-nss) Option to ignore certificate validity expiry time xmlsec-nss: Option to ignore certificate validity expiry time Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement low-priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lsh123 @jignatius