MINOR: ssl: add utils functions to extract X509 notAfter date

Add ASN1_to_time_t() which converts an ASN1_TIME to a time_t and
x509_get_notafter_time_t() which returns the notAfter date in time_t
format.

diff --git a/include/haproxy/ssl_utils.h b/include/haproxy/ssl_utils.h
index 74426e0293848d299764828457279d34b2deacc2..a4add735f1c93b8dca5e615bfbf8b0412d12f324 100644 (file)
--- a/include/haproxy/ssl_utils.h
+++ b/include/haproxy/ssl_utils.h
@@ -47,6 +47,10 @@ const char *x509_v_err_int_to_str(int code);
 long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d);
 const char *x509_get_notbefore(X509 *cert);
 const char *x509_get_notafter(X509 *cert);
+#ifdef HAVE_ASN1_TIME_TO_TM
+time_t ASN1_to_time_t(ASN1_TIME *asn1_time);
+time_t x509_get_notafter_time_t(X509 *cert);
+#endif
 
 #endif /* _HAPROXY_SSL_UTILS_H */
 #endif /* USE_OPENSSL */

diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index dfa069dd3e3f1e5fed45ded1b220fdf91d39a993..7bcb2f81f0adfb1b6637a298c217d0eac6474afc 100644 (file)
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -753,3 +753,33 @@ end:
        return NULL;
 }
 
+#ifdef HAVE_ASN1_TIME_TO_TM
+/* Takes a ASN1_TIME and converts it into a time_t */
+time_t ASN1_to_time_t(ASN1_TIME *asn1_time)
+{
+       struct tm tm;
+       time_t ret = -1;
+
+       if (ASN1_TIME_to_tm(asn1_time, &tm) == 0)
+               goto error;
+
+       ret  = my_timegm(&tm);
+error:
+       return ret;
+}
+
+/* return the notAfter date of a X509 certificate in a time_t format */
+time_t x509_get_notafter_time_t(X509 *cert)
+{
+       time_t ret = -1;
+       ASN1_TIME *asn1_time;
+
+       if ((asn1_time = X509_getm_notAfter(cert)) == NULL)
+               goto error;
+
+       ret = ASN1_to_time_t(asn1_time);
+
+error:
+       return ret;
+}
+#endif