mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-16 13:33:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Constify certificate and CRL time routines.

Browse Source 
Update certificate and CRL time routines to match new standard.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2016-08-19 12:39:57 +01:00
parent c4fbed6c31
commit 568ce3a583
12 changed files with 115 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/apps.c
View File

@ -2604,7 +2604,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
goto err; goto err;
} }
if (!X509_set_notBefore(x, tm)) if (!X509_set1_notBefore(x, tm))
goto err; goto err;
if (enddate == NULL) { if (enddate == NULL) {
@ -2614,7 +2614,7 @@ int set_cert_times(X509 *x, const char *startdate, const char *enddate,
goto err; goto err;
} }
if (!X509_set_notAfter(x, tm)) if (!X509_set1_notAfter(x, tm))
goto err; goto err;
rv = 1; rv = 1;

16
apps/ca.c
View File

@ -1100,13 +1100,13 @@ end_of_options:
if (tmptm == NULL) if (tmptm == NULL)
goto end; goto end;
X509_gmtime_adj(tmptm, 0); X509_gmtime_adj(tmptm, 0);
X509_CRL_set_lastUpdate(crl, tmptm); X509_CRL_set1_lastUpdate(crl, tmptm);
if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec, if (!X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
NULL)) { NULL)) {
BIO_puts(bio_err, "error setting CRL nextUpdate\n"); BIO_puts(bio_err, "error setting CRL nextUpdate\n");
goto end; goto end;
} }
X509_CRL_set_nextUpdate(crl, tmptm); X509_CRL_set1_nextUpdate(crl, tmptm);
ASN1_TIME_free(tmptm); ASN1_TIME_free(tmptm);
@ -1377,7 +1377,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
{ {
X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject = X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
NULL; NULL;
ASN1_UTCTIME *tm; const ASN1_TIME *tm;
ASN1_STRING *str, *str2; ASN1_STRING *str, *str2;
ASN1_OBJECT *obj; ASN1_OBJECT *obj;
X509 *ret = NULL; X509 *ret = NULL;
@ -1703,7 +1703,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
if (enddate != NULL) { if (enddate != NULL) {
int tdays; int tdays;
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret)); ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
days = tdays; days = tdays;
} }
@ -1789,7 +1789,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
} }
BIO_printf(bio_err, "Certificate is to be certified until "); BIO_printf(bio_err, "Certificate is to be certified until ");
ASN1_TIME_print(bio_err, X509_get_notAfter(ret)); ASN1_TIME_print(bio_err, X509_get0_notAfter(ret));
if (days) if (days)
BIO_printf(bio_err, " (%ld days)", days); BIO_printf(bio_err, " (%ld days)", days);
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
@ -1822,7 +1822,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
/* We now just add it to the database */ /* We now just add it to the database */
row[DB_type] = OPENSSL_strdup("V"); row[DB_type] = OPENSSL_strdup("V");
tm = X509_get_notAfter(ret); tm = X509_get0_notAfter(ret);
row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate"); row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
memcpy(row[DB_exp_date], tm->data, tm->length); memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0'; row[DB_exp_date][tm->length] = '\0';
@ -2021,7 +2021,7 @@ static int check_time_format(const char *str)
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
{ {
ASN1_UTCTIME *tm = NULL; const ASN1_TIME *tm = NULL;
char *row[DB_NUMBER], **rrow, **irow; char *row[DB_NUMBER], **rrow, **irow;
char *rev_str = NULL; char *rev_str = NULL;
BIGNUM *bn = NULL; BIGNUM *bn = NULL;
@ -2054,7 +2054,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
/* We now just add it to the database */ /* We now just add it to the database */
row[DB_type] = OPENSSL_strdup("V"); row[DB_type] = OPENSSL_strdup("V");
tm = X509_get_notAfter(x509); tm = X509_get0_notAfter(x509);
row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data"); row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
memcpy(row[DB_exp_date], tm->data, tm->length); memcpy(row[DB_exp_date], tm->data, tm->length);
row[DB_exp_date][tm->length] = '\0'; row[DB_exp_date][tm->length] = '\0';

6
apps/crl.c
View File

@ -285,13 +285,13 @@ int crl_main(int argc, char **argv)
#endif #endif
if (lastupdate == i) { if (lastupdate == i) {
BIO_printf(bio_out, "lastUpdate="); BIO_printf(bio_out, "lastUpdate=");
ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x)); ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
BIO_printf(bio_out, "\n"); BIO_printf(bio_out, "\n");
} }
if (nextupdate == i) { if (nextupdate == i) {
BIO_printf(bio_out, "nextUpdate="); BIO_printf(bio_out, "nextUpdate=");
if (X509_CRL_get_nextUpdate(x)) if (X509_CRL_get0_nextUpdate(x))
ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x)); ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
else else
BIO_printf(bio_out, "NONE"); BIO_printf(bio_out, "NONE");
BIO_printf(bio_out, "\n"); BIO_printf(bio_out, "\n");

4
apps/s_cb.c
View File

@ -82,13 +82,13 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err, "notBefore="); BIO_printf(bio_err, "notBefore=");
ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
break; break;
case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err, "notAfter="); BIO_printf(bio_err, "notAfter=");
ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "\n");
break; break;
case X509_V_ERR_NO_EXPLICIT_POLICY: case X509_V_ERR_NO_EXPLICIT_POLICY:

6
apps/x509.c
View File

@ -746,11 +746,11 @@ int x509_main(int argc, char **argv)
X509_print_ex(out, x, nmflag, certflag); X509_print_ex(out, x, nmflag, certflag);
} else if (startdate == i) { } else if (startdate == i) {
BIO_puts(out, "notBefore="); BIO_puts(out, "notBefore=");
ASN1_TIME_print(out, X509_get_notBefore(x)); ASN1_TIME_print(out, X509_get0_notBefore(x));
BIO_puts(out, "\n"); BIO_puts(out, "\n");
} else if (enddate == i) { } else if (enddate == i) {
BIO_puts(out, "notAfter="); BIO_puts(out, "notAfter=");
ASN1_TIME_print(out, X509_get_notAfter(x)); ASN1_TIME_print(out, X509_get0_notAfter(x));
BIO_puts(out, "\n"); BIO_puts(out, "\n");
} else if (fingerprint == i) { } else if (fingerprint == i) {
int j; int j;
@ -837,7 +837,7 @@ int x509_main(int argc, char **argv)
if (checkend) { if (checkend) {
time_t tcheck = time(NULL) + checkoffset; time_t tcheck = time(NULL) + checkoffset;
if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) { if (X509_cmp_time(X509_get0_notAfter(x), &tcheck) < 0) {
BIO_printf(out, "Certificate will expire\n"); BIO_printf(out, "Certificate will expire\n");
ret = 1; ret = 1;
} else { } else {

6
crypto/x509/t_crl.c
View File

@ -51,10 +51,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
BIO_printf(out, "%8sIssuer: %s\n", "", p); BIO_printf(out, "%8sIssuer: %s\n", "", p);
OPENSSL_free(p); OPENSSL_free(p);
BIO_printf(out, "%8sLast Update: ", ""); BIO_printf(out, "%8sLast Update: ", "");
ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x)); ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
BIO_printf(out, "\n%8sNext Update: ", ""); BIO_printf(out, "\n%8sNext Update: ", "");
if (X509_CRL_get_nextUpdate(x)) if (X509_CRL_get0_nextUpdate(x))
ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x)); ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
else else
BIO_printf(out, "NONE"); BIO_printf(out, "NONE");
BIO_printf(out, "\n"); BIO_printf(out, "\n");

4
crypto/x509/t_x509.c
View File

@ -129,11 +129,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
goto err; goto err;
if (BIO_write(bp, " Not Before: ", 24) <= 0) if (BIO_write(bp, " Not Before: ", 24) <= 0)
goto err; goto err;
if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) if (!ASN1_TIME_print(bp, X509_get0_notBefore(x)))
goto err; goto err;
if (BIO_write(bp, "\n Not After : ", 25) <= 0) if (BIO_write(bp, "\n Not After : ", 25) <= 0)
goto err; goto err;
if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) if (!ASN1_TIME_print(bp, X509_get0_notAfter(x)))
goto err; goto err;
if (BIO_write(bp, "\n", 1) <= 0) if (BIO_write(bp, "\n", 1) <= 0)
goto err; goto err;

18
crypto/x509/x509_set.c
View File

@ -71,14 +71,14 @@ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
return (in != NULL); return (in != NULL);
} }
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
{ {
if (x == NULL) if (x == NULL)
return 0; return 0;
return x509_set1_time(&x->cert_info.validity.notBefore, tm); return x509_set1_time(&x->cert_info.validity.notBefore, tm);
} }
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
{ {
if (x == NULL) if (x == NULL)
return 0; return 0;
@ -109,7 +109,18 @@ long X509_get_version(const X509 *x)
return ASN1_INTEGER_get(x->cert_info.version); return ASN1_INTEGER_get(x->cert_info.version);
} }
ASN1_TIME * X509_get_notBefore(const X509 *x) const ASN1_TIME *X509_get0_notBefore(const X509 *x)
{
return x->cert_info.validity.notBefore;
}
const ASN1_TIME *X509_get0_notAfter(const X509 *x)
{
return x->cert_info.validity.notAfter;
}
#if OPENSSL_API_COMPAT < 0x10100000L
ASN1_TIME *X509_get_notBefore(const X509 *x)
{ {
return x->cert_info.validity.notBefore; return x->cert_info.validity.notBefore;
} }
@ -118,6 +129,7 @@ ASN1_TIME *X509_get_notAfter(const X509 *x)
{ {
return x->cert_info.validity.notAfter; return x->cert_info.validity.notAfter;
} }
#endif
int X509_get_signature_type(const X509 *x) int X509_get_signature_type(const X509 *x)
{ {

18
crypto/x509/x509_vfy.c
View File

@ -921,7 +921,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
else else
ptime = NULL; ptime = NULL;
i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
if (i == 0) { if (i == 0) {
if (!notify) if (!notify)
return 0; return 0;
@ -936,8 +936,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
return 0; return 0;
} }
if (X509_CRL_get_nextUpdate(crl)) { if (X509_CRL_get0_nextUpdate(crl)) {
i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
if (i == 0) { if (i == 0) {
if (!notify) if (!notify)
@ -979,8 +979,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
/* If current CRL is equivalent use it if it is newer */ /* If current CRL is equivalent use it if it is newer */
if (crl_score == best_score) { if (crl_score == best_score) {
int day, sec; int day, sec;
if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
X509_CRL_get_lastUpdate(crl)) == 0) X509_CRL_get0_lastUpdate(crl)) == 0)
continue; continue;
/* /*
* ASN1_TIME_diff never returns inconsistent signs for |day| * ASN1_TIME_diff never returns inconsistent signs for |day|
@ -1646,7 +1646,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
else else
ptime = NULL; ptime = NULL;
i = X509_cmp_time(X509_get_notBefore(x), ptime); i = X509_cmp_time(X509_get0_notBefore(x), ptime);
if (i >= 0 && depth < 0) if (i >= 0 && depth < 0)
return 0; return 0;
if (i == 0 && !verify_cb_cert(ctx, x, depth, if (i == 0 && !verify_cb_cert(ctx, x, depth,
@ -1655,7 +1655,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID)) if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID))
return 0; return 0;
i = X509_cmp_time(X509_get_notAfter(x), ptime); i = X509_cmp_time(X509_get0_notAfter(x), ptime);
if (i <= 0 && depth < 0) if (i <= 0 && depth < 0)
return 0; return 0;
if (i == 0 && !verify_cb_cert(ctx, x, depth, if (i == 0 && !verify_cb_cert(ctx, x, depth,
@ -1983,9 +1983,9 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
goto memerr; goto memerr;
if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
goto memerr; goto memerr;
if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
goto memerr; goto memerr;
/* Set base CRL number: must be critical */ /* Set base CRL number: must be critical */

20
crypto/x509/x509cset.c
View File

@ -33,14 +33,14 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
return (X509_NAME_set(&x->crl.issuer, name)); return (X509_NAME_set(&x->crl.issuer, name));
} }
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
{ {
if (x == NULL) if (x == NULL)
return 0; return 0;
return x509_set1_time(&x->crl.lastUpdate, tm); return x509_set1_time(&x->crl.lastUpdate, tm);
} }
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{ {
if (x == NULL) if (x == NULL)
return 0; return 0;
@ -80,16 +80,28 @@ long X509_CRL_get_version(const X509_CRL *crl)
return ASN1_INTEGER_get(crl->crl.version); return ASN1_INTEGER_get(crl->crl.version);
} }
ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl) const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
{ {
return crl->crl.lastUpdate; return crl->crl.lastUpdate;
} }
ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl) const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
{ {
return crl->crl.nextUpdate; return crl->crl.nextUpdate;
} }
#if OPENSSL_API_COMPAT < 0x10100000L
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
{
return crl->crl.lastUpdate;
}
ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
{
return crl->crl.nextUpdate;
}
#endif
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl) X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
{ {
return crl->crl.issuer; return crl->crl.issuer;

46
doc/crypto/X509_get_notBefore.pod
View File

@ -2,60 +2,67 @@
=head1 NAME =head1 NAME
X509_get_notBefore, X509_get_notAfter, X509_set_notBefore, X509_get0_notBefore, X509_get_notBefore, X509_get0_notAfter, X509_get_notAfter,
X509_set_notAfter, X509_CRL_get_lastUpdate, X509_CRL_get_nextUpdate, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate,
X509_CRL_set_lastUpdate, X509_CRL_set_nextUpdate - get or set certificate X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
or CRL dates X509_CRL_set1_nextUpdate - get or set certificate or CRL dates
=head1 SYNOPSIS =head1 SYNOPSIS
#include <openssl/x509.h> #include <openssl/x509.h>
const ASN1_TIME *X509_get0_notBefore(const X509 *x);
const ASN1_TIME *X509_get0_notAfter(const X509 *x);
ASN1_TIME *X509_get_notBefore(const X509 *x); ASN1_TIME *X509_get_notBefore(const X509 *x);
ASN1_TIME *X509_get_notAfter(const X509 *x); ASN1_TIME *X509_get_notAfter(const X509 *x);
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
=head1 DESCRIPTION =head1 DESCRIPTION
X509_get_notBefore() and X509_get_notAfter() return the B<notBefore> X509_get0_notBefore() and X509_get0_notAfter() return the B<notBefore>
and B<notAfter> fields of certificate B<x> respectively. The value and B<notAfter> fields of certificate B<x> respectively. The value
returned is an internal pointer which must not be freed up after returned is an internal pointer which must not be freed up after
the call. the call.
X509_set_notBefore() and X509_set_notAfter() set the B<notBefore> X509_get_notBefore() and X509_get_notAfter() are similar to
X509_get0_notBefore() and X509_get0_notAfter() except they do not
return constant values. They are deprecated in OpenSSL 1.1.0
X509_set1_notBefore() and X509_set1_notAfter() set the B<notBefore>
and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed
parameter B<tm> is not transferred by these functions so it must parameter B<tm> is not transferred by these functions so it must
be freed up after the call. be freed up after the call.
X509_CRL_get_lastUpdate() and X509_CRL_get_nextUpdate() return the X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the
B<lastUpdate> and B<nextUpdate> fields of B<crl>. The value B<lastUpdate> and B<nextUpdate> fields of B<crl>. The value
returned is an internal pointer which must not be freed up after returned is an internal pointer which must not be freed up after
the call. If the B<nextUpdate> field is absent from B<crl> then the call. If the B<nextUpdate> field is absent from B<crl> then
B<NULL> is returned. B<NULL> is returned.
X509_CRL_set_lastUpdate() and X509_CRL_set_nextUpdate() set the B<lastUpdate> X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the B<lastUpdate>
and B<nextUpdate> fields of B<crl> to B<tm>. Ownership of the passed parameter and B<nextUpdate> fields of B<crl> to B<tm>. Ownership of the passed parameter
B<tm> is not transferred by these functions so it must be freed up after the B<tm> is not transferred by these functions so it must be freed up after the
call. call.
=head1 RETURN VALUES =head1 RETURN VALUES
X509_get_notBefore(), X509_get_notAfter() and X509_CRL_get_lastUpdate() X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate()
return a pointer to an B<ASN1_TIME> structure. return a pointer to an B<ASN1_TIME> structure.
X509_CRL_get_lastUpdate() return a pointer to an B<ASN1_TIME> structure X509_CRL_get0_lastUpdate() return a pointer to an B<ASN1_TIME> structure
or NULL if the B<lastUpdate> field is absent. or NULL if the B<lastUpdate> field is absent.
X509_set_notBefore(), X509_set_notAfter(), X509_CRL_set_lastUpdate() and X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and
X509_CRL_set_nextUpdate() return 1 for success or 0 for failure. X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.
=head1 SEE ALSO =head1 SEE ALSO
@ -80,6 +87,9 @@ L<X509_verify_cert(3)>
These functions are available in all versions of OpenSSL. These functions are available in all versions of OpenSSL.
X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL
1.1.0
=head1 COPYRIGHT =head1 COPYRIGHT
Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

32
include/openssl/x509.h
View File

@ -622,13 +622,22 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_issuer_name(const X509 *a); X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, X509_NAME *name); int X509_set_subject_name(X509 *x, X509_NAME *name);
X509_NAME *X509_get_subject_name(const X509 *a); X509_NAME *X509_get_subject_name(const X509 *a);
ASN1_TIME * X509_get_notBefore(const X509 *x); const ASN1_TIME * X509_get0_notBefore(const X509 *x);
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notBefore(const X509 *x))
ASN1_TIME *X509_get_notAfter(const X509 *x); int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); const ASN1_TIME *X509_get0_notAfter(const X509 *x);
DEPRECATEDIN_1_1_0(ASN1_TIME *X509_get_notAfter(const X509 *x))
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
int X509_up_ref(X509 *x); int X509_up_ref(X509 *x);
int X509_get_signature_type(const X509 *x); int X509_get_signature_type(const X509 *x);
# if OPENSSL_API_COMPAT < 0x10100000L
# define X509_set_notBefore X509_set1_notBefore
# define X509_set_notAfter X509_set1_notAfter
#endif
/* /*
* This one is only used so that a binary form can output, as in * This one is only used so that a binary form can output, as in
* i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
@ -682,14 +691,21 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req,
int X509_CRL_set_version(X509_CRL *x, long version); int X509_CRL_set_version(X509_CRL *x, long version);
int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
int X509_CRL_sort(X509_CRL *crl); int X509_CRL_sort(X509_CRL *crl);
int X509_CRL_up_ref(X509_CRL *crl); int X509_CRL_up_ref(X509_CRL *crl);
# if OPENSSL_API_COMPAT < 0x10100000L
# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
#endif
long X509_CRL_get_version(const X509_CRL *crl); long X509_CRL_get_version(const X509_CRL *crl);
ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl); const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);