From: William Lallemand
Date: Mon, 16 Dec 2024 11:34:56 +0000 (+0100)
Subject: MINOR: ssl: add utils functions to extract X509 notAfter date
X-Git-Tag: v3.2-dev2~72
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bb88f68cf73fa94f2cb63dcfa51cc9177a1627d6;p=thirdparty%2Fhaproxy.git
MINOR: ssl: add utils functions to extract X509 notAfter date
Add ASN1_to_time_t() which converts an ASN1_TIME to a time_t and x509_get_notafter_time_t() which returns the notAfter date in time_t format.
---
diff --git a/include/haproxy/ssl_utils.h b/include/haproxy/ssl_utils.h
index 74426e0293..a4add735f1 100644
--- a/include/haproxy/ssl_utils.h
+++ b/include/haproxy/ssl_utils.h
@@ -47,6 +47,10 @@ const char *x509_v_err_int_to_str(int code);
 long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d);
 const char *x509_get_notbefore(X509 *cert);
 const char *x509_get_notafter(X509 *cert);
+#ifdef HAVE_ASN1_TIME_TO_TM
+time_t ASN1_to_time_t(ASN1_TIME *asn1_time);
+time_t x509_get_notafter_time_t(X509 *cert);
+#endif
 #endif /* _HAPROXY_SSL_UTILS_H */
 #endif /* USE_OPENSSL */
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index dfa069dd3e..7bcb2f81f0 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -753,3 +753,33 @@ end:
 return NULL;
 }
+#ifdef HAVE_ASN1_TIME_TO_TM
+/* Takes a ASN1_TIME and converts it into a time_t */
+time_t ASN1_to_time_t(ASN1_TIME *asn1_time)
+{
+ struct tm tm;
+ time_t ret = -1;
+
+ if (ASN1_TIME_to_tm(asn1_time, &tm) == 0)
+ goto error;
+
+ ret = my_timegm(&tm);
+error:
+ return ret;
+}
+
+/* return the notAfter date of a X509 certificate in a time_t format */
+time_t x509_get_notafter_time_t(X509 *cert)
+{
+ time_t ret = -1;
+ ASN1_TIME *asn1_time;
+
+ if ((asn1_time = X509_getm_notAfter(cert)) == NULL)
+ goto error;
+
+ ret = ASN1_to_time_t(asn1_time);
+
+error:
+ return ret;
+}
+#endif
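Review bot: `ASN1_to_time_t` breaks the lowercase naming of its neighbours in this header (`asn1_generalizedtime_to_epoch`, `x509_get_notafter`) and reads like an OpenSSL symbol; a name such as `asn1_time_to_time_t` would make it obvious that it is a project helper. Neither prototype documents its failure value, so I would add a comment such as `/* both return -1 on failure; check for it before comparing with the current date */` above the `#ifdef HAVE_ASN1_TIME_TO_TM` block. The parameters could probably also be `const` (`const ASN1_TIME *`, `const X509 *`), assuming every supported SSL library declares the underlying accessors that way.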
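Review bot: `ASN1_to_time_t()` in src/ssl_utils.c passes `asn1_time` to `ASN1_TIME_to_tm()` without a NULL check, and OpenSSL documents that a NULL time makes that call fill `tm` with the current time, so a caller handing in a missing field gets "now" back instead of -1. `x509_get_notafter_time_t()` guards against this itself, but the helper is exported, so the test could be `if (!asn1_time || ASN1_TIME_to_tm(asn1_time, &tm) == 0)`. The function comments should also state that -1 is the error return, since an unchecked -1 compared with the current date looks like a certificate that expired long ago. Whether `my_timegm()` (not visible here) copes with far-future notAfter dates on a 32-bit `time_t` is also worth confirming.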