From: William Lallemand <wlallemand@haproxy.com>
Date: Fri, 2 May 2025 12:42:28 +0000 (+0200)
Subject: MINOR: ssl: add function to extract X509 notBefore date in time_t
X-Git-Tag: v3.2-dev14~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=626de9538e8efba2e95fc54b7b78ecef7b9689a3;p=thirdparty%2Fhaproxy.git

MINOR: ssl: add function to extract X509 notBefore date in time_t

Add x509_get_notbefore_time_t() which returns the notBefore date in
time_t format.
---

diff --git a/include/haproxy/ssl_utils.h b/include/haproxy/ssl_utils.h
index a01812159..99b202019 100644
--- a/include/haproxy/ssl_utils.h
+++ b/include/haproxy/ssl_utils.h
@@ -50,6 +50,7 @@ const char *x509_get_notafter(X509 *cert);
 #ifdef HAVE_ASN1_TIME_TO_TM
 time_t ASN1_to_time_t(ASN1_TIME *asn1_time);
 time_t x509_get_notafter_time_t(X509 *cert);
+time_t x509_get_notbefore_time_t(X509 *cert);
 #endif
 int curves2nid(const char *curve);
 const char *nid2nist(int nid);
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 916e230f0..a75125f8f 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -779,6 +779,21 @@ time_t x509_get_notafter_time_t(X509 *cert)
 
 	ret = ASN1_to_time_t(asn1_time);
 
+error:
+	return ret;
+}
+
+/* return the notBefore date of a X509 certificate in a time_t format */
+time_t x509_get_notbefore_time_t(X509 *cert)
+{
+	time_t ret = -1;
+	ASN1_TIME *asn1_time;
+
+	if ((asn1_time = X509_getm_notBefore(cert)) == NULL)
+		goto error;
+
+	ret = ASN1_to_time_t(asn1_time);
+
 error:
 	return ret;
 }