PR: 1854

Submitted by: Oliver Martin <oliver@volatilevoid.net> Reviewed by: steve@openssl.org Support GeneralizedTime in ca utility.
author: Dr. Stephen Henson <steve@openssl.org> 2009-03-09 13:59:07 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-03-09 13:59:07 +0000
commit: 33ab2e31f380888dc3b8d8ba7da6ded1ae51b0d5 (patch)
tree: ed9cd617104677c021c4a618180d9a336b1160c9
parent: bb7ccdfbe22aac18b26278d862050fbfee9d1b79 (diff)
download: openssl-new-33ab2e31f380888dc3b8d8ba7da6ded1ae51b0d5.tar.gz
4 files changed, 34 insertions, 13 deletions
diff --git a/CHANGES b/CHANGES
index 695ed97479..e42b7d7838 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
 
+  *) Support GeneralizedTime in ca utility. 
+     [Oliver Martin <oliver@volatilevoid.net>, Steve Henson]
+
   *) Enhance the hash format used for certificate directory links. The new
      form uses the canonical encoding (meaning equivalent names will work
      even if they aren't identical) and uses SHA1 instead of MD5. This form
diff --git a/apps/ca.c b/apps/ca.c
index cb7bd3552b..4f236cce27 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1109,9 +1109,9 @@ bad:
 			if (startdate == NULL)
 				ERR_clear_error();
 			}
-		if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+		if (startdate && !ASN1_TIME_set_string(NULL, startdate))
 			{
-			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
 			goto err;
 			}
 		if (startdate == NULL) startdate="today";
@@ -1123,9 +1123,9 @@ bad:
 			if (enddate == NULL)
 				ERR_clear_error();
 			}
-		if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+		if (enddate && !ASN1_TIME_set_string(NULL, enddate))
 			{
-			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
 			goto err;
 			}
 
@@ -2007,11 +2007,11 @@ again2:
 
 	if (strcmp(startdate,"today") == 0)
 		X509_gmtime_adj(X509_get_notBefore(ret),0);
-	else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+	else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
 
 	if (enddate == NULL)
 		X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
-	else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+	else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
 
 	if (!X509_set_subject_name(ret,subject)) goto err;
 
@@ -2107,7 +2107,7 @@ again2:
 		}
 
 	BIO_printf(bio_err,"Certificate is to be certified until ");
-	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+	ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
 	if (days) BIO_printf(bio_err," (%ld days)",days);
 	BIO_printf(bio_err, "\n");
 
@@ -2397,12 +2397,7 @@ static int fix_data(int nid, int *type)
 
 static int check_time_format(const char *str)
 	{
-	ASN1_UTCTIME tm;
-
-	tm.data=(unsigned char *)str;
-	tm.length=strlen(str);
-	tm.type=V_ASN1_UTCTIME;
-	return(ASN1_UTCTIME_check(&tm));
+	return ASN1_TIME_set_string(NULL, str);
 	}
 
 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 577e263402..576de5805a 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -173,3 +173,25 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
 
 	return ret;
 	}
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+	{
+	ASN1_TIME t;
+
+	t.length = strlen(str);
+	t.data = (unsigned char *)str;
+	
+	t.type = V_ASN1_UTCTIME;
+
+	if (!ASN1_TIME_check(&t))
+		{
+		t.type = V_ASN1_GENERALIZEDTIME;
+		if (!ASN1_TIME_check(&t))
+			return 0;
+		}
+	
+	if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+			return 0;
+
+	return 1;
+	}
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 26c3a48c6b..2c0e05ba0f 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -885,6 +885,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t,
 				int offset_day, long offset_sec);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 
 int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
 		 i2d_of_void *i2d, int ex_tag, int ex_class,
author	Dr. Stephen Henson <steve@openssl.org>	2009-03-09 13:59:07 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-03-09 13:59:07 +0000
commit	33ab2e31f380888dc3b8d8ba7da6ded1ae51b0d5 (patch)
tree	ed9cd617104677c021c4a618180d9a336b1160c9
parent	bb7ccdfbe22aac18b26278d862050fbfee9d1b79 (diff)
download	openssl-new-33ab2e31f380888dc3b8d8ba7da6ded1ae51b0d5.tar.gz