apps: ca,req,x509: Add explicit start and end dates options
[thirdparty/openssl.git] / apps / lib / apps.c
index e04530ff4400692b0295785df6e1e409af3f1a26..c87f0f02f1f1d6f3087fb44542e2afd624d5d5f0 100644 (file)
@@ -3275,23 +3275,54 @@ void corrupt_signature(const ASN1_STRING *signature)
     s[signature->length - 1] ^= 0x1;
 }
 
+int check_cert_time_string(const char *time, const char *desc)
+{
+    if (time == NULL || strcmp(time, "today") == 0
+            || ASN1_TIME_set_string_X509(NULL, time))
+        return 1;
+    BIO_printf(bio_err,
+               "%s is invalid, it should be \"today\" or have format [CC]YYMMDDHHMMSSZ\n",
+               desc);
+    return 0;
+}
+
 int set_cert_times(X509 *x, const char *startdate, const char *enddate,
-                   int days)
+                   int days, int strict_compare_times)
 {
+    if (!check_cert_time_string(startdate, "start date"))
+        return 0;
+    if (!check_cert_time_string(enddate, "end date"))
+        return 0;
     if (startdate == NULL || strcmp(startdate, "today") == 0) {
-        if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
+        if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL) {
+            BIO_printf(bio_err, "Error setting notBefore certificate field\n");
             return 0;
+        }
     } else {
-        if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
+        if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate)) {
+            BIO_printf(bio_err, "Error setting notBefore certificate field\n");
             return 0;
+        }
+    }
+    if (enddate != NULL && strcmp(enddate, "today") == 0) {
+        enddate = NULL;
+        days = 0;
     }
     if (enddate == NULL) {
-        if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
-            == NULL)
+        if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL) == NULL) {
+            BIO_printf(bio_err, "Error setting notAfter certificate field\n");
             return 0;
+        }
     } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
+        BIO_printf(bio_err, "Error setting notAfter certificate field\n");
         return 0;
     }
+    if (ASN1_TIME_compare(X509_get0_notAfter(x), X509_get0_notBefore(x)) < 0) {
+        BIO_printf(bio_err, "%s: end date before start date\n",
+                   strict_compare_times ? "Error" : "Warning");
+        if (strict_compare_times)
+            return 0;
+    }
     return 1;
 }
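Review bot: The final check in set_cert_times, `ASN1_TIME_compare(X509_get0_notAfter(x), X509_get0_notBefore(x)) < 0`, also matches the -2 that ASN1_TIME_compare returns on error. A failed comparison is therefore reported as "end date before start date", and when strict_compare_times is 0 it is only warned about before the function returns 1. Store the result in a local and handle the two cases separately: return 0 with its own message on `-2`, and keep the Error/Warning wording for `-1` only. Both fields were set successfully just above, so the error path is presumably rare, but a validity-period check should not fail open. The new parameter also deserves a comment above the function, e.g. `/* strict_compare_times: nonzero turns notAfter < notBefore into an error instead of a warning */`.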