Set certificate times in one function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
parent
3a60d6fa2f
commit
dc047d31fa
5 changed files with 44 additions and 23 deletions
34
apps/apps.c
34
apps/apps.c
|
@ -2589,3 +2589,37 @@ void corrupt_signature(const ASN1_STRING *signature)
|
|||
unsigned char *s = signature->data;
|
||||
s[signature->length - 1] ^= 0x1;
|
||||
}
|
||||
|
||||
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
|
||||
int days)
|
||||
{
|
||||
int rv = 0;
|
||||
ASN1_TIME *tm = ASN1_TIME_new();
|
||||
if (tm == NULL)
|
||||
goto err;
|
||||
if (startdate == NULL || strcmp(startdate, "today") == 0) {
|
||||
if (!X509_gmtime_adj(tm, 0))
|
||||
goto err;
|
||||
} else if (!ASN1_TIME_set_string(tm, startdate)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!X509_set_notBefore(x, tm))
|
||||
goto err;
|
||||
|
||||
if (enddate == NULL) {
|
||||
if (!X509_time_adj_ex(tm, days, 0, NULL))
|
||||
goto err;
|
||||
} else if (!ASN1_TIME_set_string(tm, enddate)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!X509_set_notAfter(x, tm))
|
||||
goto err;
|
||||
|
||||
rv = 1;
|
||||
|
||||
err:
|
||||
ASN1_TIME_free(tm);
|
||||
return rv;
|
||||
}
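Review bot: When `enddate` is NULL, `X509_time_adj_ex(tm, days, 0, NULL)` in set_cert_times computes notAfter from the current time, not from the notBefore just set from `startdate`, and nothing checks that the resulting validity window is ordered. With an explicit future `startdate` and a small `days`, the certificate can end up with notAfter earlier than notBefore. If that is not intended, compare the two times after `X509_set_notAfter` (ASN1_TIME_diff is already used for a similar calculation in apps/ca.c) and return 0. The function also has no header comment; something like `/* startdate NULL or "today" means now; enddate NULL means now + days; returns 1 on success, 0 on error */` would record the conventions the callers now rely on.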
|
||||
|
|
|
@ -72,6 +72,8 @@ int has_stdin_waiting(void);
|
|||
# endif
|
||||
|
||||
void corrupt_signature(const ASN1_STRING *signature);
|
||||
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
|
||||
int days);
|
||||
|
||||
/*
|
||||
* Common verification options.
|
||||
|
|
11
apps/ca.c
11
apps/ca.c
|
@ -1698,16 +1698,11 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
|
|||
goto end;
|
||||
}
|
||||
|
||||
if (strcmp(startdate, "today") == 0)
|
||||
X509_gmtime_adj(X509_get_notBefore(ret), 0);
|
||||
else
|
||||
ASN1_TIME_set_string(X509_get_notBefore(ret), startdate);
|
||||
if (!set_cert_times(ret, startdate, enddate, days))
|
||||
goto end;
|
||||
|
||||
if (enddate == NULL)
|
||||
X509_time_adj_ex(X509_get_notAfter(ret), days, 0, NULL);
|
||||
else {
|
||||
if (enddate != NULL) {
|
||||
int tdays;
|
||||
ASN1_TIME_set_string(X509_get_notAfter(ret), enddate);
|
||||
ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret));
|
||||
days = tdays;
|
||||
}
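Review bot: The return value of `ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))` is still ignored in do_body, so if the call fails `tdays` is read uninitialised when it is assigned to `days`. set_cert_times now rejects an unparsable `enddate` before this point, which makes a failure unlikely, but the check is cheap: `if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get_notAfter(ret))) goto end;`. do_body starts and ends outside the hunk, so how `days` is used afterwards is not visible here.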
|
||||
|
|
|
@ -616,9 +616,7 @@ int req_main(int argc, char **argv)
|
|||
|
||||
if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
|
||||
goto end;
|
||||
if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
|
||||
goto end;
|
||||
if (!X509_time_adj_ex(X509_get_notAfter(x509ss), days, 0, NULL))
|
||||
if (!set_cert_times(x509ss, NULL, NULL, days))
|
||||
goto end;
|
||||
if (!X509_set_subject_name
|
||||
(x509ss, X509_REQ_get_subject_name(req)))
|
||||
|
|
16
apps/x509.c
16
apps/x509.c
|
@ -554,9 +554,9 @@ int x509_main(int argc, char **argv)
|
|||
goto end;
|
||||
if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
|
||||
goto end;
|
||||
if (!set_cert_times(x, NULL, NULL, days))
|
||||
goto end;
|
||||
|
||||
X509_gmtime_adj(X509_get_notBefore(x), 0);
|
||||
X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL);
|
||||
if (fkey)
|
||||
X509_set_pubkey(x, fkey);
|
||||
else {
|
||||
|
@ -983,11 +983,7 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
|
|||
if (!X509_set_serialNumber(x, bs))
|
||||
goto end;
|
||||
|
||||
if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
|
||||
goto end;
|
||||
|
||||
/* hardwired expired */
|
||||
if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
|
||||
if (!set_cert_times(x, NULL, NULL, days))
|
||||
goto end;
|
||||
|
||||
if (clrext) {
|
||||
|
@ -1056,12 +1052,8 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
|
|||
|
||||
if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
|
||||
goto err;
|
||||
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
|
||||
if (!set_cert_times(x, NULL, NULL, days))
|
||||
goto err;
|
||||
|
||||
if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
|
||||
goto err;
|
||||
|
||||
if (!X509_set_pubkey(x, pkey))
|
||||
goto err;
|
||||
if (clrext) {
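Review bot: In the x509_main hunk the validity dates are now checked through set_cert_times, but the next statement, `X509_set_pubkey(x, fkey);`, still ignores its return value while the setters around it all `goto end` on failure. If that call failed, the code would carry on with a certificate that may not hold the intended key. Suggest `if (fkey) { if (!X509_set_pubkey(x, fkey)) goto end; } else {`, matching the checked call in sign() further down this file. The `else` branch and the rest of x509_main are outside the hunk.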
|
||||
|
|