This function rounds an ASN1_UTCTIME up to the end of the day it belongs to.
You need to call this function on an ASN1_UTCTIME before you set it as the
'not valid after' date:

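#include <string.h>
#include <openssl/asn1.h>
#include <openssl/x509.h>

void X509_gmtime_roundup(ASN1_UTCTIME *s)
{ /* Rounds an ASN1_UTCTIME up to the end of the current day */
 char buf[32];
 /* Expect "YYMMDDHHMMSSZ" (13 chars); leave anything else untouched */
 if (s == NULL || ASN1_STRING_length(s) != 13) return;
 memcpy(buf, ASN1_STRING_data(s), 6); /* keep the YYMMDD date part */
 strcpy(buf+6, "235959Z");            /* replace HHMMSS with end of day */
 ASN1_UTCTIME_set_string(s, buf);
}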

Here's where I think that goes in your code:

  int RenewCertificate(X509 *old_x509,X509 ** new_x509,EVP_PKEY* pkey, int validity)
  {
      X509 *x = NULL;
      x=old_x509;
      char buf[512];

      X509_gmtime_adj(X509_get_notBefore(x),0);
      X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*validity);

  Here, the 'not valid after' time was just advanced. You need to round it, so add:
  X509_gmtime_roundup(X509_get_notAfter(x));

   ...
  ...
  }

  and

  void GenCRL(X509 *x509, EVP_PKEY *pkey, TStringList *ListRev, TStringList *ListSer, int SumList)
  {
  ...
   X509_gmtime_adj(ci->lastUpdate,0);
      if (ci->nextUpdate == NULL)
          ci->nextUpdate=ASN1_UTCTIME_new();
      X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
  If you want to round the CRL time up, use this line next:
  X509_gmtime_roundup(ci->nextUpdate);

  ...
  }


  void GenCRL(X509 *x509, EVP_PKEY *pkey, TStringList *ListRev, TStringList *ListSer, int SumList)
  {
   if (ci->nextUpdate == NULL)
          ci->nextUpdate=ASN1_UTCTIME_new();
      X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);

  This also sets the 'nextUpdate' time. If you want to round that to the end of the day, add:
  X509_gmtime_roundup(ci->nextUpdate);

   }

  It seems here all the functions that you mentioned are not called to generate the cert. I'm totally lost on what I should do now...?

  Be sure to test this code before relying on it!

  DS

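Added example, not part of the message above and not OpenSSL code: a bounds-checked version of the string rewrite that X509_gmtime_roundup performs, written against the plain time string so it runs without OpenSSL. It goes beyond the post by also accepting the 15-character GeneralizedTime form (YYYYMMDDHHMMSSZ), where the time of day starts at offset 8 instead of 6; round_up_time_string is a hypothetical name and the sample values are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an OpenSSL API): rewrite the time-of-day of an
 * ASN.1 time string to 23:59:59, keeping the date.
 * Accepts UTCTime "YYMMDDHHMMSSZ" (13 chars) or GeneralizedTime
 * "YYYYMMDDHHMMSSZ" (15 chars). Returns 0 on success, -1 on bad input. */
int round_up_time_string(const char *in, char *out, size_t outlen)
{
    size_t len, date_len, i;

    if (in == NULL || out == NULL)
        return -1;
    len = strlen(in);
    if (len == 13)
        date_len = 6;            /* YYMMDD */
    else if (len == 15)
        date_len = 8;            /* YYYYMMDD */
    else
        return -1;               /* unexpected form: refuse, do not guess */
    if (outlen < len + 1)
        return -1;               /* caller's buffer too small */
    if (in[len - 1] != 'Z')
        return -1;               /* only the UTC "Z" form is handled */
    for (i = 0; i < len - 1; i++)
        if (!isdigit((unsigned char)in[i]))
            return -1;

    memcpy(out, in, date_len);
    memcpy(out + date_len, "235959Z", 8);   /* 7 chars plus the NUL */
    return 0;
}

int main(void)
{
    /* Constructed sample values; the last one has no seconds field */
    const char *samples[] = { "240315101530Z", "20510315101530Z", "2403151015Z" };
    char buf[16];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (round_up_time_string(samples[i], buf, sizeof buf) == 0)
            printf("%s -> %s\n", samples[i], buf);
        else
            printf("%s -> rejected\n", samples[i]);
    }
    return 0;
}
```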