authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-03-17 17:48:31 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-03-17 17:53:26 +0100
commitfe279dc234c04712086b810567f5586b2696f79c (patch)
treeae0e236186249b19dae21c1238aec8a182e06461 /doc
parentaa9b56ffb468fbe7066062dc46a145cf4898d8cd (diff)
downloadgnutls-fe279dc234c04712086b810567f5586b2696f79c.tar.gz
Use the flags for expiration instead of getting the time of each certificate.
Diffstat (limited to 'doc')
-rw-r--r--doc/examples/ex-rfc2818.c18
-rw-r--r--doc/examples/ex-verify.c30
2 files changed, 14 insertions, 34 deletions
diff --git a/doc/examples/ex-rfc2818.c b/doc/examples/ex-rfc2818.c
index 73a3d1bd51..1df60a88e8 100644
--- a/doc/examples/ex-rfc2818.c
+++ b/doc/examples/ex-rfc2818.c
@@ -43,6 +43,11 @@ verify_certificate (gnutls_session_t session, const char *hostname)
if (status & GNUTLS_CERT_REVOKED)
printf ("The certificate has been revoked.\n");
+ if (status & GNUTLS_CERT_EXPIRED)
+ printf ("The certificate has expired\n");
+
+ if (status & GNUTLS_CERT_NOT_ACTIVATED)
+ printf ("The certificate is not yet activated\n");
/* Up to here the process is the same for X.509 certificates and
* OpenPGP keys. From now on X.509 certificates are assumed. This can
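Review bot: The added checks for `GNUTLS_CERT_EXPIRED` and `GNUTLS_CERT_NOT_ACTIVATED` only print and fall through, whereas the time checks this commit removes in the next hunk returned before the hostname check. That matches the `GNUTLS_CERT_REVOKED` line above them, but this is an example that readers copy into clients, so I would add a comment after the last check such as `/* Any flag reported above means the peer must not be trusted; a real client should stop here. */`. The expiry result now also depends entirely on the verification call that fills `status`, which is outside this hunk; presumably it runs with time checks enabled. The body of verify_certificate starts and ends outside the hunk.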
@@ -73,19 +78,6 @@ verify_certificate (gnutls_session_t session, const char *hostname)
return;
}
- /* Beware here we do not check for errors.
- */
- if (gnutls_x509_crt_get_expiration_time (cert) < time (0))
- {
- printf ("The certificate has expired\n");
- return;
- }
-
- if (gnutls_x509_crt_get_activation_time (cert) > time (0))
- {
- printf ("The certificate is not yet activated\n");
- return;
- }
if (!gnutls_x509_crt_check_hostname (cert, hostname))
{
diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c
index 9c89d51b73..3daabede4d 100644
--- a/doc/examples/ex-verify.c
+++ b/doc/examples/ex-verify.c
@@ -103,7 +103,6 @@ verify_cert2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
{
unsigned int output;
int ret;
- time_t now = time (0);
size_t name_size;
char name[64];
@@ -139,21 +138,16 @@ verify_cert2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
fprintf (stderr, ": no issuer was found");
if (output & GNUTLS_CERT_SIGNER_NOT_CA)
fprintf (stderr, ": issuer is not a CA");
+ if (output & GNUTLS_CERT_NOT_ACTIVATED)
+ fprintf (stderr, ": not yet activated\n");
+ if (output & GNUTLS_CERT_EXPIRED)
+ fprintf (stderr, ": expired\n");
fprintf (stderr, "\n");
}
else
fprintf (stderr, "Trusted\n");
-
- /* Now check the expiration dates.
- */
- if (gnutls_x509_crt_get_activation_time (crt) > now)
- fprintf (stderr, "Not yet activated\n");
-
- if (gnutls_x509_crt_get_expiration_time (crt) < now)
- fprintf (stderr, "Expired\n");
-
/* Check if the certificate is revoked.
*/
ret = gnutls_x509_crt_check_revocation (crt, crl_list, crl_list_size);
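Review bot: The two added messages end in `\n`, while the other flag messages in this chain do not and an unconditional `fprintf (stderr, "\n");` follows. An expired or not-yet-activated certificate therefore ends its report early and prints an extra empty line. Drop the newline from both: `fprintf (stderr, ": not yet activated");` and `fprintf (stderr, ": expired");`. The verify_last_cert hunk further down has the same problem, and there `": Issuer is not a CA\n"` keeps its newline even though its `else` was removed, so that string needs the same trim. The body of verify_cert2 starts and ends outside the hunk.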
@@ -174,7 +168,6 @@ verify_last_cert (gnutls_x509_crt_t crt,
{
unsigned int output;
int ret;
- time_t now = time (0);
size_t name_size;
char name[64];
@@ -202,21 +195,16 @@ verify_last_cert (gnutls_x509_crt_t crt,
if (output & GNUTLS_CERT_SIGNER_NOT_CA)
fprintf (stderr, ": Issuer is not a CA\n");
- else
- fprintf (stderr, "\n");
+ if (output & GNUTLS_CERT_NOT_ACTIVATED)
+ fprintf (stderr, ": Not yet activated\n");
+ if (output & GNUTLS_CERT_EXPIRED)
+ fprintf (stderr, ": Expired\n");
+ fprintf (stderr, "\n");
}
else
fprintf (stderr, "Trusted\n");
- /* Now check the expiration dates.
- */
- if (gnutls_x509_crt_get_activation_time (crt) > now)
- fprintf (stderr, "Not yet activated\n");
-
- if (gnutls_x509_crt_get_expiration_time (crt) < now)
- fprintf (stderr, "Expired\n");
-
/* Check if the certificate is revoked.
*/
ret = gnutls_x509_crt_check_revocation (crt, crl_list, crl_list_size);
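Review bot: The validity-period report now sits inside the failure branch, whose condition is outside this hunk, whereas the removed code ran after the if/else and printed "Expired" or "Not yet activated" regardless of the trust result. If that branch tests `GNUTLS_CERT_INVALID`, as seems likely, the output is equivalent only when the library sets that bit together with `GNUTLS_CERT_EXPIRED` or `GNUTLS_CERT_NOT_ACTIVATED`. I would state that dependency in a comment above the new checks, for example `/* Expiry and activation are reported only through output; this relies on the verify call having time checks enabled. */`. The same applies to the verify_cert2 hunk above.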