When adjusting boundary times with the gmtime_adj_not...
functions, the resulting ASN1 representation becomes a UTCTIME.
If the set_not... functions are used, the result is instead a
GENERALIZEDTIME. Modern libraries don't like it when you mix
these, or maybe they just don't like GENERALIZEDTIME... Either
way, by using only one of those methods in all cases, we should
be okay.
When adjusting boundary times with the
gmtime_adj_not...functions, the resulting ASN1 representation becomes aUTCTIME. If theset_not...functions are used, the result is instead aGENERALIZEDTIME. Modern libraries don't like it when you mix these, or maybe they just don't likeGENERALIZEDTIME... Either way, by using only one of those methods in all cases, we should be okay.