Allow UTCTIME objects to be retrieved. Check for imminent cert expiry.
parent
50e4e9283d
commit
fd73a2121c
27
apps/x509.c
27
apps/x509.c
@ -113,6 +113,8 @@ static char *x509_usage[]={
|
||||
" -addreject arg - reject certificate for a given purpose\n",
|
||||
" -setalias arg - set certificate alias\n",
|
||||
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
|
||||
" -checkend arg - check whether the cert expires in the next arg seconds\n",
|
||||
" exit 1 if so, 0 if not\n",
|
||||
" -signkey arg - self sign cert with arg\n",
|
||||
" -x509toreq - output a certification request object\n",
|
||||
" -req - input is a certificate request, sign and output.\n",
|
||||
@ -173,6 +175,7 @@ int MAIN(int argc, char **argv)
|
||||
LHASH *extconf = NULL;
|
||||
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
|
||||
int need_rand = 0;
|
||||
int checkend=0,checkoffset=0;
|
||||
|
||||
reqfile=0;
|
||||
|
||||
@ -353,6 +356,12 @@ int MAIN(int argc, char **argv)
|
||||
startdate= ++num;
|
||||
else if (strcmp(*argv,"-enddate") == 0)
|
||||
enddate= ++num;
|
||||
else if (strcmp(*argv,"-checkend") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
checkoffset=atoi(*(++argv));
|
||||
checkend=1;
|
||||
}
|
||||
else if (strcmp(*argv,"-noout") == 0)
|
||||
noout= ++num;
|
||||
else if (strcmp(*argv,"-trustout") == 0)
|
||||
@ -839,6 +848,24 @@ bad:
|
||||
}
|
||||
}
|
||||
|
||||
if(checkend)
|
||||
{
|
||||
time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));
|
||||
time_t tnow=time(NULL);
|
||||
|
||||
if(tnow+checkoffset > t)
|
||||
{
|
||||
BIO_printf(out,"Certificate will expire\n");
|
||||
ret=1;
|
||||
}
|
||||
else
|
||||
{
|
||||
BIO_printf(out,"Certificate will not expire\n");
|
||||
ret=0;
|
||||
}
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (noout)
|
||||
{
|
||||
ret=0;
|
||||
|
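Review bot: The `-checkend` block hands `X509_get_notAfter(x)` straight to `ASN1_UTCTIME_get()` without confirming the field is a UTCTime. A notAfter encoded as GeneralizedTime (the form used for dates from 2050 on) would be read at the wrong offsets, and the tool could print "Certificate will not expire" for a date it has misparsed. Test the type first, e.g. `if (X509_get_notAfter(x)->type != V_ASN1_UTCTIME)`, report an error and exit non-zero in that case, and treat a failed conversion the same way instead of comparing it. Separately, `checkoffset=atoi(*(++argv));` silently accepts non-numeric and negative arguments and `tnow+checkoffset` is unchecked, so parsing with `strtol` and rejecting out-of-range values would stop a typo from producing a false "will not expire". MAIN's body starts and ends outside these hunks.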
@ -264,3 +264,32 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
|
||||
#endif
|
||||
return(s);
|
||||
}
|
||||
|
||||
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
|
||||
{
|
||||
struct tm tm;
|
||||
int offset;
|
||||
|
||||
memset(&tm,'\0',sizeof tm);
|
||||
|
||||
#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
|
||||
tm.tm_year=g2(s->data);
|
||||
if(tm.tm_year < 50)
|
||||
tm.tm_year+=100;
|
||||
tm.tm_mon=g2(s->data+2)-1;
|
||||
tm.tm_mday=g2(s->data+4);
|
||||
tm.tm_hour=g2(s->data+6);
|
||||
tm.tm_min=g2(s->data+8);
|
||||
tm.tm_sec=g2(s->data+10);
|
||||
if(s->data[12] == 'Z')
|
||||
offset=0;
|
||||
else
|
||||
{
|
||||
offset=g2(s->data+13)*60+g2(s->data+15);
|
||||
if(s->data[12] == '-')
|
||||
offset= -offset;
|
||||
}
|
||||
#undef g2
|
||||
|
||||
return timegm(&tm)-offset*60;
|
||||
}
|
||||
|
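Review bot: `ASN1_UTCTIME_get()` indexes `s->data` at fixed offsets up to 16 without consulting `s->length` or validating the contents, so a short or malformed UTCTime from an untrusted certificate may be read past its end and the `g2()` arithmetic runs on arbitrary bytes. Validate before parsing, e.g. `if (s == NULL || !ASN1_UTCTIME_check((ASN1_UTCTIME *)s)) return (time_t)-1;`, and add a comment above the function stating that `(time_t)-1` signals an invalid time. If the checker also accepts the form without a seconds field, the fixed index 12 for the zone character has to follow the actual length instead. `timegm()` is not part of ISO C or POSIX, so `return timegm(&tm)-offset*60;` needs a portable fallback on platforms that lack it.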
@ -579,6 +579,7 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp,
|
||||
int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
|
||||
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
|
||||
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str);
|
||||
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
|
||||
|
||||
int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
|
||||
ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
|
||||
|