src/gl/time.h
src/gl/unistd.h
src/gl/warn-on-use.h
+doc/stamp_invoke
+src/gl/libgnu_gpl.a
+src/gl/libgnu_gpl.la
AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS)
AM_CPPFLAGS = \
-I$(srcdir)/../gl \
+ -I$(srcdir)/gl \
-I$(builddir)/../gl \
-I$(builddir)/../lib/includes \
-I$(srcdir)/../lib/includes \
libcmd_certtool_la_CFLAGS =
libcmd_certtool_la_SOURCES = certtool-args.c certtool-args.def certtool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_certtool_la_LIBADD = $(LIBOPTS) ../gl/libgnu.la ../lib/libgnutls.la gl/libgnu_gpl.a
-libcmd_certtool_la_LIBADD += $(LTLIBINTL)
+libcmd_certtool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_certtool_la_LIBADD += $(LIBOPTS) $(LTLIBINTL)
libcmd_certtool_la_LIBADD += $(LTLIBREADLINE)
libcmd_certtool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
libcmd_danetool_la_CFLAGS =
libcmd_danetool_la_SOURCES = danetool-args.c danetool-args.def danetool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_danetool_la_LIBADD = $(LIBOPTS) ../gl/libgnu.la ../lib/libgnutls.la
+libcmd_danetool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_danetool_la_LIBADD += $(LIBOPTS)
libcmd_danetool_la_LIBADD += $(LTLIBINTL)
libcmd_danetool_la_LIBADD += $(LTLIBREADLINE)
-libcmd_danetool_la_LIBADD += $(INET_PTON_LIB)
+libcmd_danetool_la_LIBADD += $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
# p11 tool
if ENABLE_PKCS11
libcmd_p11tool_la_CFLAGS =
libcmd_p11tool_la_SOURCES = p11tool-args.def p11tool-args.c p11tool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_p11tool_la_LIBADD = ../gl/libgnu.la ../lib/libgnutls.la
-libcmd_p11tool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB)
+libcmd_p11tool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_p11tool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
endif # ENABLE_PKCS11
libcmd_tpmtool_la_CFLAGS =
libcmd_tpmtool_la_SOURCES = tpmtool-args.def tpmtool-args.c tpmtool-args.h \
certtool-cfg.h certtool-cfg.c
-libcmd_tpmtool_la_LIBADD = ../gl/libgnu.la ../lib/libgnutls.la
-libcmd_tpmtool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB)
+libcmd_tpmtool_la_LIBADD = ../lib/libgnutls.la gl/libgnu_gpl.la ../gl/libgnu.la
+libcmd_tpmtool_la_LIBADD += $(LTLIBREADLINE) $(INET_PTON_LIB) $(LIB_CLOCK_GETTIME)
endif # ENABLE_TROUSERS
# Use -1 if there is no expiration date.
expiration_days = 700
+# Alternatively you may set concrete dates. Acceptable dates are dates
+# read by getdate().
+#activation_date = "2004-02-29 16:21:42"
+#expiration_date = "2025-02-29 16:24:41"
+
# X.509 v3 extensions
# A dnsname in case of a WWW server.
/*
* Copyright (C) 2004-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* This file is part of GnuTLS.
*
#include <limits.h>
#include <inttypes.h>
#include <time.h>
+#include <parse-datetime.h>
#include <autoopts/options.h>
+#include <intprops.h>
/* for inet_pton */
#include <sys/types.h>
char *crl_dist_points;
char *password;
char *pkcs12_key_name;
+ char *expiration_date;
+ char *activation_date;
int serial;
int expiration_days;
int ca;
if (val != NULL && val->valType == OPARG_TYPE_STRING)
cfg.country = strdup(val->v.strVal);
+ val = optionGetValue(pov, "expiration_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.expiration_date = strdup(val->v.strVal);
+
+ val = optionGetValue(pov, "activation_date");
+ if (val != NULL && val->valType == OPARG_TYPE_STRING)
+ cfg.activation_date = strdup(val->v.strVal);
+
for (i = 0; i < MAX_POLICIES; i++) {
snprintf(tmpstr, sizeof(tmpstr), "policy%d", i + 1);
val = optionGetValue(pov, tmpstr);
}
}
-int get_days(void)
+static
+time_t get_date(const char* date)
+{
+ time_t t;
+ struct timespec r;
+
+ if (date==NULL || parse_datetime(&r, date, NULL) == 0) {
+ fprintf(stderr, "Cannot parse date: %s\n", date);
+ exit(1);
+ }
+
+ return r.tv_sec;
+}
+
+time_t get_activation_date()
{
- int days;
+ if (batch && cfg.activation_date != NULL) {
+ return get_date(cfg.activation_date);
+ }
+
+ return time(NULL);
+}
+
+static
+time_t days_to_secs(int days)
+{
+time_t secs = days;
+time_t now = time(NULL);
+
+ if (secs != (time_t)-1) {
+ if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
+ secs = -1;
+ } else {
+ secs *= 24*60*60;
+ }
+ }
+
+ if (secs != (time_t)-1) {
+ if (INT_ADD_OVERFLOW(secs, now)) {
+ secs = -1;
+ } else {
+ secs += now;
+ }
+ }
+
+ return secs;
+}
+
+time_t get_expiration_date()
+{
if (batch) {
- if (cfg.expiration_days == 0 || cfg.expiration_days < -2)
- return 365;
- else
- return cfg.expiration_days;
+ if (cfg.expiration_date == NULL) {
+ time_t secs, now;
+
+ now = time(NULL);
+
+ if (cfg.expiration_days == 0 || cfg.expiration_days < -2)
+ secs = days_to_secs(365);
+ else {
+ secs = days_to_secs(cfg.expiration_days);
+ }
+
+ return secs;
+ } else
+ return get_date(cfg.expiration_date);
} else {
+ int days;
+
do {
days =
read_int
("The certificate will expire in (days): ");
}
while (days == 0);
- return days;
+ return days_to_secs(days);
}
}
void get_oid_crt_set(gnutls_x509_crt_t crt);
void get_key_purpose_set(int type, void *crt);
int get_serial(void);
-int get_days(void);
+time_t get_expiration_date(void);
+time_t get_activation_date(void);
int get_ca_status(void);
int get_crl_number(void);
int get_path_len(void);
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <intprops.h>
/* Gnulib portability files. */
#include <read-file.h>
size_t size;
int ret;
int client;
- int days, result, ca_status = 0, is_ike = 0, path_len;
- time_t secs, now;
+ int result, ca_status = 0, is_ike = 0, path_len;
+ time_t secs;
int vers;
unsigned int usage = 0, server;
gnutls_x509_crq_t crq; /* request */
if (!batch)
fprintf(stderr, "\n\nActivation/Expiration time.\n");
- now = time(NULL);
+ secs = get_activation_date();
- gnutls_x509_crt_set_activation_time(crt, now);
-
- days = get_days();
- secs = days;
-
- if (secs != (time_t)-1) {
- if (INT_MULTIPLY_OVERFLOW(secs, 24*60*60)) {
- secs = -1;
- } else {
- secs *= 24*60*60;
- }
- }
+ result = gnutls_x509_crt_set_activation_time(crt, secs);
+ if (result < 0) {
+ fprintf(stderr, "set_activation: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
- if (secs != (time_t)-1) {
- if (INT_ADD_OVERFLOW(secs, now)) {
- secs = -1;
- } else {
- secs += now;
- }
- }
+ secs = get_expiration_date();
result = gnutls_x509_crt_set_expiration_time(crt, secs);
if (result < 0) {
int result;
gnutls_privkey_t ca_key;
gnutls_x509_crt_t ca_crt;
- int days;
- time_t tim = time(NULL);
+ time_t tim;
fprintf(stderr, "Generating a signed certificate...\n");
crt = load_cert(1, cinfo);
fprintf(stderr, "Activation/Expiration time.\n");
- gnutls_x509_crt_set_activation_time(crt, tim);
+ tim = get_activation_date();
+
+ result = gnutls_x509_crt_set_activation_time(crt, tim);
+ if (result < 0) {
+ fprintf(stderr, "set_activation: %s",
+ gnutls_strerror(result));
+ exit(1);
+ }
- days = get_days();
+ tim = get_expiration_date();
result =
gnutls_x509_crt_set_expiration_time(crt,
- tim +
- ((time_t) days) * 24 * 60 *
- 60);
+ tim);
if (result < 0) {
fprintf(stderr, "set_expiration: %s",
gnutls_strerror(result));