diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2015-07-31 08:49:50 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-09-05 16:17:15 -0400 |
commit | d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45 (patch) | |
tree | ea7207dd84a2a5ab1e18e9f9711cb966e46751a0 /doc | |
parent | 2519b4e18101a7e987dad842084cd1da5da5c191 (diff) | |
download | openssl-d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45.tar.gz |
RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
In some environments, such as firmware, the current system time is entirely
meaningless. Provide a clean mechanism to suppress the checks against it.
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index ec91d5dced..166e316a1e 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -203,6 +203,10 @@ chain found is not trusted, then OpenSSL will continue to check to see if an alternative chain can be found that is trusted. With this flag set the behaviour will match that of OpenSSL versions prior to 1.1.0. +The B<X509_V_FLAG_NO_CHECK_TIME> flag suppresses checking the validity period +of certificates and CRLs against the current time. If X509_VERIFY_PARAM_set_time() +is used to specify a verification time, the check is not suppressed. + =head1 NOTES The above functions should be used to manipulate verification parameters |