authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-08-03 21:45:14 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-08-03 21:49:13 +0200
commit8f90d5bd7a79b3e69145c3d2fde583d24372f143 (patch)
tree590650dd0e068754cabae18aac2d20ce30cf44ca /src/pkcs11.c
parente7e6bb2377c78d5d146ef57dd03f087dbb9d0243 (diff)
p11tool: print expiration time on certificates
This is particularly useful when displaying information about a certificate trust store. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'src/pkcs11.c')
-rw-r--r--src/pkcs11.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/src/pkcs11.c b/src/pkcs11.c
index a7962d6095..30c188dda1 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -110,7 +110,7 @@ pkcs11_delete(FILE * outfile, const char *url,
}
static
-const char *get_key_algo_type(gnutls_pkcs11_obj_type_t otype, const char *objurl, unsigned flags)
+const char *get_key_algo_type(gnutls_pkcs11_obj_type_t otype, const char *objurl, unsigned flags, time_t *exp)
{
int ret;
gnutls_pubkey_t pubkey = NULL;
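Review bot: The new `exp` out-parameter of get_key_algo_type() is undocumented, and its name shadows the C library's `exp()` wherever <math.h> is in scope. A comment above the definition would state the contract, for example `/* If exp is non-NULL it receives the certificate's expiration time, or -1 when none was read. */`, and a name such as `expiry` avoids the shadowing. The function body continues outside this hunk, so confirm there that every early return in the certificate case leaves `*exp` at -1.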
@@ -122,6 +122,9 @@ const char *get_key_algo_type(gnutls_pkcs11_obj_type_t otype, const char *objurl
gnutls_pk_algorithm_t pk;
gnutls_ecc_curve_t curve;
+ if (exp)
+ *exp = -1;
+
switch (otype) {
case GNUTLS_PKCS11_OBJ_X509_CRT:
gnutls_x509_crt_init(&crt);
@@ -143,6 +146,10 @@ const char *get_key_algo_type(gnutls_pkcs11_obj_type_t otype, const char *objurl
p = str;
}
}
+
+ if (exp)
+ *exp = gnutls_x509_crt_get_expiration_time(crt);
+
gnutls_x509_crt_deinit(crt);
return p;
case GNUTLS_PKCS11_OBJ_PUBKEY:
@@ -217,6 +224,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
gnutls_x509_ext_st *exts;
unsigned exts_size;
unsigned int obj_flags = flags;
+ time_t exp;
pkcs11_common(info);
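Review bot: `time_t exp;` is declared without an initial value and is written only when get_key_algo_type() is called, which the call-site hunk does for private keys, public keys and certificates only. The later read is safe as written because `otype == GNUTLS_PKCS11_OBJ_X509_CRT` is tested first, but that coupling is easy to break in a later edit. Declaring `time_t exp = -1;` (and, if this code runs once per listed object, resetting it before each call) keeps an indeterminate or stale value from ever being printed. pkcs11_list's body starts and ends outside this hunk.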
@@ -283,7 +291,7 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
if (otype == GNUTLS_PKCS11_OBJ_PRIVKEY ||
otype == GNUTLS_PKCS11_OBJ_PUBKEY ||
otype == GNUTLS_PKCS11_OBJ_X509_CRT) {
- p = get_key_algo_type(otype, output, obj_flags);
+ p = get_key_algo_type(otype, output, obj_flags, &exp);
}
if (p) {
@@ -294,6 +302,13 @@ pkcs11_list(FILE * outfile, const char *url, int type, unsigned int flags,
gnutls_pkcs11_type_get_name(otype));
}
+ if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && exp != -1) {
+ if (exp == GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION)
+ fprintf(outfile, "\tExpires: Never\n");
+ else
+ fprintf(outfile, "\tExpires: %s", ctime(&exp));
+ }
+
gnutls_free(output);
size = sizeof(buf);
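Review bot: `ctime(&exp)` in the added `else` branch is passed straight to `%s`, but ctime() may return NULL for a time it cannot represent, and the value comes from certificate data stored on the token. It also prints local time with no zone marker, which is ambiguous for someone auditing a trust store for expired anchors. Formatting in UTC through a checked conversion avoids both problems; the sketch below assumes gmtime_r() is available in this build. The comparison with -1 would also read more clearly as `exp != (time_t)-1`.

```c
		if (otype == GNUTLS_PKCS11_OBJ_X509_CRT && exp != -1) {
			/* … unchanged: "Expires: Never" branch … */
			else {
				char tbuf[64];
				struct tm tm_exp;

				/* UTC, with a fallback when the time is not representable */
				if (gmtime_r(&exp, &tm_exp) != NULL &&
				    strftime(tbuf, sizeof(tbuf),
					     "%a %b %d %H:%M:%S UTC %Y", &tm_exp) > 0)
					fprintf(outfile, "\tExpires: %s\n", tbuf);
				else
					fprintf(outfile, "\tExpires: (unrepresentable time)\n");
			}
		}
```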