From: William Lallemand Date: Fri, 6 Dec 2024 16:42:19 +0000 (+0100) Subject: MINOR: ssl: add notBefore and notAfter utility functions X-Git-Tag: v3.2-dev1~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5454824e31f179686ab21bde71195aaee506466c;p=thirdparty%2Fhaproxy.git MINOR: ssl: add notBefore and notAfter utility functions Extracting notBefore and notAfter as a string can be bothersome, add 2 utility functions that returns the value in a static buffer.
---
diff --git a/include/haproxy/ssl_utils.h b/include/haproxy/ssl_utils.h
index 3391efd38b..74426e0293 100644
--- a/include/haproxy/ssl_utils.h
+++ b/include/haproxy/ssl_utils.h
@@ -45,6 +45,8 @@ void exclude_tls_grease(char *input, int len, struct buffer *output);
 int x509_v_err_str_to_int(const char *str);
 const char *x509_v_err_int_to_str(int code);
 long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d);
+const char *x509_get_notbefore(X509 *cert);
+const char *x509_get_notafter(X509 *cert);
 #endif /* _HAPROXY_SSL_UTILS_H */
 #endif /* USE_OPENSSL */
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 4a85b89187..dfa069dd3e 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -700,3 +700,56 @@ nosec:
 return -1;
 }
+
+/* Return the nofAfter value as as string extracted from an X509 certificate
+ * The returned buffer is static and thread local.
+ */
+const char *x509_get_notafter(X509 *cert)
+{
+ BIO *bio = NULL;
+ int write;
+ static THREAD_LOCAL char buf[256];
+
+ memset(buf, 0, sizeof(buf));
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL)
+ goto end;
+ if (ASN1_TIME_print(bio, X509_getm_notAfter(cert)) == 0)
+ goto end;
+ write = BIO_read(bio, buf, sizeof(buf)-1);
+ buf[write] = '\0';
+ BIO_free(bio);
+
+ return buf;
+
+end:
+ BIO_free(bio);
+ return NULL;
+}
+
+/* Return the nofBefore value as as string extracted from an X509 certificate
+ * The returned buffer is static and thread local.
+ */
+const char *x509_get_notbefore(X509 *cert)
+{
+ BIO *bio = NULL;
+ int write;
+ static THREAD_LOCAL char buf[256];
+
+ memset(buf, 0, sizeof(buf));
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL)
+ goto end;
+ if (ASN1_TIME_print(bio, X509_getm_notBefore(cert)) == 0)
+ goto end;
+ write = BIO_read(bio, buf, sizeof(buf)-1);
+ buf[write] = '\0';
+ BIO_free(bio);
+
+ return buf;
+
+end:
+ BIO_free(bio);
+ return NULL;
+}
+
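Review bot: The result of `BIO_read()` is used as an array index without a check in both `x509_get_notafter()` and `x509_get_notbefore()`; a negative return makes `buf[write] = '\0'` store before the start of the static buffer, and a return of 0 hands back an empty string as if it were a success. Adding `if (write <= 0) goto end;` ahead of the terminator store in each function keeps the failure path on the existing NULL return. The local name `write` shadows the POSIX function of the same name, so something like `len` would read better. The two bodies differ only in the getter they call, so a shared static helper taking the `ASN1_TIME *` would carry the fix once. The header comments should read "notAfter"/"notBefore" and "as a string", and should state that NULL is returned on failure and that the buffer is overwritten by the next call on the same thread.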