MINOR: ssl: add function to extract X509 notBefore date in time_t

Add x509_get_notbefore_time_t() which returns the notBefore date in
time_t format.

diff --git a/include/haproxy/ssl_utils.h b/include/haproxy/ssl_utils.h
index a0181215978556d636608b10ff1e050d15143599..99b202019be0a23216f4a69a668a78ae8147906d 100644 (file)
--- a/include/haproxy/ssl_utils.h
+++ b/include/haproxy/ssl_utils.h
@@ -50,6 +50,7 @@ const char *x509_get_notafter(X509 *cert);
 #ifdef HAVE_ASN1_TIME_TO_TM
 time_t ASN1_to_time_t(ASN1_TIME *asn1_time);
 time_t x509_get_notafter_time_t(X509 *cert);
+time_t x509_get_notbefore_time_t(X509 *cert);
 #endif
 int curves2nid(const char *curve);
 const char *nid2nist(int nid);

diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 916e230f0df8e72debb1e05e5ee47be9c2b92c56..a75125f8f9c60420b196030ca0e6552cf88e2071 100644 (file)
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -779,6 +779,21 @@ time_t x509_get_notafter_time_t(X509 *cert)
 
        ret = ASN1_to_time_t(asn1_time);
 
+error:
+       return ret;
+}
+
+/* return the notBefore date of a X509 certificate in a time_t format */
+time_t x509_get_notbefore_time_t(X509 *cert)
+{
+       time_t ret = -1;
+       ASN1_TIME *asn1_time;
+
+       if ((asn1_time = X509_getm_notBefore(cert)) == NULL)
+               goto error;
+
+       ret = ASN1_to_time_t(asn1_time);
+
 error:
        return ret;
 }