Thanks a lot for trying to help me.
Here's the snippet of the code:
The function that calls IssueCertificate has these lines in it:

    cinfo.begin_validity = day_start;
    cinfo.validity = day_end;

Both day_start and day_end are int variables. Then they are passed to the
IssueCertificate function as CERT_DETAIL pinfo.

    //this is the called function
    int IssueCertificate(CERT_DETAIL pinfo,char *x509,char *key,char *ca,
                         int Type, AnsiString *HexSerial,
                         AnsiString receiveUserName, AnsiString receiveUserID)
    {
        //this is some of the variable
        FILE *fp = NULL;
        Base64 encoder;
        AnsiString s, ca_cert, ca_key;
        int i, key_len, len, ret = 1, nconf = 0;
        X509 *x = NULL, *xca = NULL;
        X509_REQ *req = NULL;
        EVP_PKEY *pkey = NULL, *ca_pkey = NULL;
        unsigned char skey[1024*8];
        char buf[128], *sconf[100], *mkey = NULL;
        char ckey[1024], cacert[1024 * 8], profpass[1024], cacert_file[400],
             kbuf[1024],cbuf[1024 * 8];
        unsigned char *p, plain[EBUFSIZE+4], emkey[EBUFSIZE+4],
                      t_emkey[EBUFSIZE+4];
        ...
        ...
        ...
        //this is the part that calls the function to generate the cert i guess
        if ((x = MakeCertificate(req,sconf,nconf,NULL,ca,ca_pkey,
                                 pinfo.begin_validity,
                                 pinfo.validity,pinfo.serial,pinfo.algo,0)) == NULL)
        {
            ret = ERROR_MAKECERT;
            goto end3;
        }
    }

There's no X509_set_notAfter in my called after I searched through it.
For 'X509_gmtime_adj' all I get was:

    int RenewCertificate(X509 *old_x509,X509 ** new_x509,EVP_PKEY* pkey,
                         int validity)
    {
        X509 *x = NULL;
        x=old_x509;
        char buf[512];
        X509_gmtime_adj(X509_get_notBefore(x),0);
        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*validity);
        ...
        ...
    }

and

    void GenCRL(X509 *x509, EVP_PKEY *pkey, TStringList *ListRev,
                TStringList *ListSer, int SumList)
    {
        ...
        X509_gmtime_adj(ci->lastUpdate,0);
        if (ci->nextUpdate == NULL)
            ci->nextUpdate=ASN1_UTCTIME_new();
        X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
        ...
    }

    Revoke do_revoke(X509 *x509)
    {
        ...
        revtm=X509_gmtime_adj(revtm,0);
        ...
    }

But it was called inside the RenewCertificate, GenCRL and revoke functions,
and not IssueCertificate, which is used to issue the cert, so I guess it must
have no relation, right? Please correct me if I'm wrong.
For ASN1_UTCTIME all I get was:

    Revoke do_revoke(X509 *x509)
    {
        revtm = ASN1_UTCTIME_new();
        revtm=X509_gmtime_adj(revtm,0);
        rdate=(char *)OPENSSL_malloc(revtm->length+1);
        memcpy(rdate,revtm->data,revtm->length);
        ASN1_UTCTIME_free(revtm);
    }

and

    void GenCRL(X509 *x509, EVP_PKEY *pkey, TStringList *ListRev,
                TStringList *ListSer, int SumList)
    {
        if (ci->nextUpdate == NULL)
            ci->nextUpdate=ASN1_UTCTIME_new();
        X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
    }

It seems here all the functions that you mentioned are not called to generate
the cert. I'm totally lost on what I should do now...?
Thanks a lot
On 7/14/07, David Schwartz <[EMAIL PROTECTED]> wrote:
> thanks a lot for answering my question.. but is this the only way?
> it seems a bit overwhelming for me.. isn't there any other way?
> like any function we can call?
Rather than risking you screwing up security-critical code, why don't you
paste the part of the code that sets the validity and I'll post back the
code modified as you need? Search for 'X509_set_notAfter', 'X509_gmtime_adj'
and 'ASN1_UTCTIME' and with luck you should be able to find that chunk of
code.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
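
Added example, not part of the original thread and not the poster's or OpenSSL's code: a stand-alone C model of the day-count arithmetic seen in RenewCertificate above (60*60*24*validity handed to X509_gmtime_adj), checking that the offset fits a 32-bit long and that the resulting date still fits ASN.1 UTCTime. The function names, the fixed base time, the 32-bit long and the reading of day_start/day_end as day offsets from the issue time are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Day count -> seconds offset of the kind handed to X509_gmtime_adj().
 * int32_t models a 32-bit long (assumption); the function fails instead
 * of wrapping, which would happen beyond 24855 days. */
int days_to_adj(int days, int32_t *adj)
{
    int64_t secs = (int64_t)days * 86400;
    if (secs > INT32_MAX || secs < INT32_MIN) return 0;
    *adj = (int32_t)secs;
    return 1;
}

/* Render base + adj as ASN.1 UTCTime "YYMMDDHHMMSSZ". The two-digit year
 * is read as 1950-2049 (RFC 5280); later dates need GeneralizedTime, so
 * they are rejected here rather than silently wrapped. */
int utctime_from(time_t base, int32_t adj, char out[14])
{
    time_t t = base + (time_t)adj;
    struct tm *tm = gmtime(&t);
    if (tm == NULL) return 0;
    int year = tm->tm_year + 1900;
    if (year < 1950 || year > 2049) return 0;
    return strftime(out, 14, "%y%m%d%H%M%SZ", tm) == 13;
}

/* Assumption: day_start/day_end are day offsets from the issue time; the
 * thread does not show how MakeCertificate interprets them. */
int validity_window(time_t base, int day_start, int day_end,
                    char nb[14], char na[14])
{
    int32_t a, b;
    if (day_end <= day_start) return 0;          /* empty or inverted window */
    if (!days_to_adj(day_start, &a) || !days_to_adj(day_end, &b)) return 0;
    return utctime_from(base, a, nb) && utctime_from(base, b, na);
}

int main(void)
{
    char nb[14], na[14];
    time_t base = 1184371200; /* constructed: 2007-07-14 00:00:00 UTC */
    if (validity_window(base, 0, 365, nb, na))
        printf("notBefore=%s notAfter=%s\n", nb, na);
    return 0;
}
```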