diff options
| -rw-r--r-- | apps/x509.c | 27 | ||||
| -rw-r--r-- | crypto/asn1/a_utctm.c | 29 | ||||
| -rw-r--r-- | crypto/asn1/asn1.h | 1 |
3 files changed, 57 insertions, 0 deletions
diff --git a/apps/x509.c b/apps/x509.c index 5403576585..0184c62bb2 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -113,6 +113,8 @@ static char *x509_usage[]={ " -addreject arg - reject certificate for a given purpose\n", " -setalias arg - set certificate alias\n", " -days arg - How long till expiry of a signed certificate - def 30 days\n", +" -checkend arg - check whether the cert expires in the next arg seconds\n", +" exit 1 if so, 0 if not\n", " -signkey arg - self sign cert with arg\n", " -x509toreq - output a certification request object\n", " -req - input is a certificate request, sign and output.\n", @@ -173,6 +175,7 @@ int MAIN(int argc, char **argv) LHASH *extconf = NULL; char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL; int need_rand = 0; + int checkend=0,checkoffset=0; reqfile=0; @@ -353,6 +356,12 @@ int MAIN(int argc, char **argv) startdate= ++num; else if (strcmp(*argv,"-enddate") == 0) enddate= ++num; + else if (strcmp(*argv,"-checkend") == 0) + { + if (--argc < 1) goto bad; + checkoffset=atoi(*(++argv)); + checkend=1; + } else if (strcmp(*argv,"-noout") == 0) noout= ++num; else if (strcmp(*argv,"-trustout") == 0) @@ -839,6 +848,24 @@ bad: } } + if(checkend) + { + time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x)); + time_t tnow=time(NULL); + + if(tnow+checkoffset > t) + { + BIO_printf(out,"Certificate will expire\n"); + ret=1; + } + else + { + BIO_printf(out,"Certificate will not expire\n"); + ret=0; + } + goto end; + } + if (noout) { ret=0; diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 07565974e3..e8d2836c58 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -264,3 +264,32 @@ ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) #endif return(s); } + +time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) + { + struct tm tm; + int offset; + + memset(&tm,'\0',sizeof tm); + +#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') + tm.tm_year=g2(s->data); + if(tm.tm_year < 50) + tm.tm_year+=100; + tm.tm_mon=g2(s->data+2)-1; + tm.tm_mday=g2(s->data+4); + tm.tm_hour=g2(s->data+6); + tm.tm_min=g2(s->data+8); + tm.tm_sec=g2(s->data+10); + if(s->data[12] == 'Z') + offset=0; + else + { + offset=g2(s->data+13)*60+g2(s->data+15); + if(s->data[12] == '-') + offset= -offset; + } +#undef g2 + + return timegm(&tm)-offset*60; + } diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 8cf317640e..f340ed41df 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -579,6 +579,7 @@ ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a,unsigned char **pp, int ASN1_UTCTIME_check(ASN1_UTCTIME *a); ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); +time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); |