In message <[EMAIL PROTECTED]> on Mon, 19 Jul 2004 09:51:35 +0530, <[EMAIL PROTECTED]> said:
sakthi.subramaniam>
sakthi.subramaniam> >It's not clear what you want to do from this 30/31 years business.
sakthi.subramaniam> The number of years difference between "Not Valid
sakthi.subramaniam> before and Not valid after" should not exceed 30
sakthi.subramaniam> years in the certificates. How can I check it?

Since you're doing this by programming:

- You get the validity limits, using the macros X509_get_notBefore()
  and X509_get_notAfter()
- extract the year from the limits, using the function
  ASN1_extract_year() (NOT TESTED!) below.
- subtract one year from the other and check that it's lower than 31.

    #include <openssl/asn1.h>

    /* Return the four-digit year of an ASN1_TIME, or 0 for a bad value. */
    int ASN1_extract_year(ASN1_TIME *tm)
    {
        int i, y;
        char *v;

        i = tm->length;
        v = (char *)tm->data;

        if (tm->type == V_ASN1_UTCTIME) {
            if (i < 10) return 0;   /* Bad value */
            y = (v[0]-'0')*10 + (v[1]-'0');
            if (y < 50) y += 100;   /* 00-49 means 2000-2049 */
            y += 1900;              /* same scale as the GeneralizedTime branch */
        } else if (tm->type == V_ASN1_GENERALIZEDTIME) {
            if (i < 12) return 0;   /* Bad value */
            y = (v[0]-'0')*1000 + (v[1]-'0')*100
                + (v[2]-'0')*10 + (v[3]-'0');
        } else
            return 0;               /* Bad time value */
        return y;
    }

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte   \ Tunnlandsvägen 52 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36  BROMMA  \ T: +46-708-26 53 44
                  \      SWEDEN       \
Procurator Odiosus Ex Infernis        -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

-----------------------------------------------------------------
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
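Added example, not part of the original message and not OpenSSL code: the same 30-year check carried out on the full timestamps rather than on the year alone, so that a certificate running from January 2004 to December 2034 (year difference 30, real span almost 31 years) is rejected. It works on the raw time strings as they appear in `tm->data`, assumed here to be NUL-terminated and in the `YYMMDDHHMMSSZ` / `YYYYMMDDHHMMSSZ` forms; `time_kind`, `time_key` and `validity_within_years` are hypothetical names.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical names for this example; none of this is OpenSSL API. */
enum time_kind { KIND_UTCTIME, KIND_GENERALIZEDTIME };

static int two(const char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* Turn "YYMMDDHHMMSSZ" or "YYYYMMDDHHMMSSZ" into the sortable number
 * YYYYMMDDHHMMSS. Returns -1 for anything malformed. */
static long long time_key(enum time_kind kind, const char *s)
{
    size_t ydigits = (kind == KIND_UTCTIME) ? 2 : 4, n = strlen(s), i;
    int year, f[5];                 /* month, day, hour, minute, second */
    long long key;

    if (n != ydigits + 11 || s[n - 1] != 'Z')
        return -1;
    for (i = 0; i + 1 < n; i++)
        if (!isdigit((unsigned char)s[i]))
            return -1;
    if (kind == KIND_UTCTIME) {
        year = two(s);
        year += (year < 50) ? 2000 : 1900;   /* two-digit year pivot */
    } else {
        year = two(s) * 100 + two(s + 2);
    }
    for (i = 0; i < 5; i++)
        f[i] = two(s + ydigits + 2 * i);
    if (f[0] < 1 || f[0] > 12 || f[1] < 1 || f[1] > 31 ||
        f[2] > 23 || f[3] > 59 || f[4] > 59)
        return -1;
    key = year;
    for (i = 0; i < 5; i++)
        key = key * 100 + f[i];
    return key;
}

/* 1: notAfter is at most max_years after notBefore; 0: it is later;
 * -1: malformed time, or notAfter earlier than notBefore.
 * Adding max_years to the year field shifts the key by max_years * 10^10. */
int validity_within_years(enum time_kind nb_kind, const char *not_before,
                          enum time_kind na_kind, const char *not_after,
                          int max_years)
{
    long long nb = time_key(nb_kind, not_before);
    long long na = time_key(na_kind, not_after);
    if (nb < 0 || na < 0 || na < nb)
        return -1;
    return na <= nb + (long long)max_years * 10000000000LL;
}
```

The sample timestamps used to exercise it are constructed, not taken from a real certificate.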