Make ASN1_TIME_set_string_X509 and ASN1_TIME_set_string match the man page

This makes it where people can't put dumb values in certs without
trying harder, and changes the regress to test this.

GENERALIZED times outside of the RFC5280 spec are required for OCSP
but these should be constructed with the GENERALIZED time string
setters.

ok tb@

1 files changed, 1 insertions, 8 deletions

diff --git a/src/regress/lib/libcrypto/asn1/rfc5280time.c b/src/regress/lib/libcrypto/asn1/rfc5280time.c
index 7a44a30e88..c57cac1463 100644
--- a/src/regress/lib/libcrypto/asn1/rfc5280time.c
+++ b/src/regress/lib/libcrypto/asn1/rfc5280time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rfc5280time.c,v 1.7 2022/09/05 21:12:08 tb Exp $ */
+/* $OpenBSD: rfc5280time.c,v 1.8 2024/04/08 19:57:40 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@opebsd.org>
@@ -234,13 +234,6 @@ rfc5280_invtime_test(int test_no, struct rfc5280_time_test *att)
                         goto done;
                 }
         }
-        if (ASN1_TIME_set_string(t, att->str) != 0) {
-                if (X509_cmp_time(t, &now) != 0) {
-                        fprintf(stderr, "FAIL: test %d - successfully parsed as UTCTIME "
-                            "string '%s'\n", test_no, att->str);
-                        goto done;
-                }
-        }
 
         failure = 0;