On 13/07/2015 12:22, Victor Wagner wrote:
On Mon, 13 Jul 2015 12:25:40 +0530
Nayna Jain <naynj...@in.ibm.com> wrote:
Hi all,
I am programmatically generating the self signed certificate and need
to specify the "Not Before" and "Not After" date,
Wanted to understand what all formats are acceptable by this API ?
X509_set_notAfter and X509_set_notBefore API expect ASN1_TIME structure.
You can use ASN1_TIME_set function to fill this structure. It expects
integer time_t value.
X509_cmp_time also expects integer time_t value.
So integer number of seconds since the beginning of the epoch (1.1.1970
GMT) is everything you need.
There is also ASN1_TINE_set_string function, which does deal with some
datetime format, but I suggest never use it. Use C runtime library
function strptime, which allows to specify format explicitely or mktime
to prepare time_t value from the user input. And use OpenSSL
ASN1_TIME_print function to convert ASN1_TIME to human-readble form.
Does ASN1_TIME_set_string() support dates outside the
time_t range of the local libc?
This is important when creating root certs with expiry
dates after 2038 (specifically, any time >= epoch+2**31).
It is also important when creating self-signed Android
apk signing certificates (which /must/ be valid for at
least 30 years).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
