Hi All,

I am facing a problem with the "check_cert_time" function in the OpenSSL
library. I am trying to handle the X509_V_ERR_CERT_NOT_YET_VALID and
X509_V_ERR_CERT_NOT_YET_VALID errors. I am trying to simulate these errors
with an expired certificate and a certificate that is not yet valid. The
problem here is that I am always getting the error "certificate is not yet
valid". I am not able to get the error "certificate has expired".

I checked the function "check_cert_time". 

static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{

        time_t *ptime;
        int i;

        if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
                ptime = &ctx->param->check_time;
        else
                ptime = NULL;

        i=X509_cmp_time(X509_get_notBefore(x), ptime);
        if (i == 0)
                {
                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
                ctx->current_cert=x;
                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }

        if (i > 0)
                {
                ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
                ctx->current_cert=x;
                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }

        i=X509_cmp_time(X509_get_notAfter(x), ptime);
        if (i == 0)
                {
                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
                ctx->current_cert=x;
                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }

        if (i < 0)
                {
                ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
                ctx->current_cert=x;
                if (!ctx->verify_cb(0, ctx))
                        return 0;
                }

        return 1;
}

Here the value of i is always 1. Hence I am not able to simulate
X509_V_ERR_CERT_HAS_EXPIRED. Here "ctx->param->check_time" is set by
another function, "X509_VERIFY_PARAM_set_time".
The function "X509_STORE_CTX_set_time" invokes "X509_VERIFY_PARAM_set_time".

I wanted to know how the "X509_STORE_CTX_set_time" function is invoked and
where it is invoked. I am not able to find any information by
browsing the code.


Thanks and Regards,
Jaya

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
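
Added example (not part of the original post and not OpenSSL code): a self-contained C model of the order of checks in check_cert_time, with an explicit reference time standing in for ctx->param->check_time. The names utctime_key, time_key, cmp_time_model and check_window, the verdict enum and the sample validity window are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <time.h>

/* Constructed verdict names for this model; not OpenSSL's X509_V_ERR_* values. */
enum verdict { V_OK, V_BAD_NOT_BEFORE, V_NOT_YET_VALID, V_BAD_NOT_AFTER, V_EXPIRED };

/* ASN.1 UTCTime "YYMMDDHHMMSSZ" -> sortable YYYYMMDDHHMMSS, or 0 if malformed. */
static long long utctime_key(const char *s) {
    long long v = 0;
    int i;
    if (strlen(s) != 13 || s[12] != 'Z') return 0;
    for (i = 0; i < 12; i++) {
        if (!isdigit((unsigned char)s[i])) return 0;
        v = v * 10 + (s[i] - '0');
    }
    /* RFC 5280 century rule: YY >= 50 means 19YY, otherwise 20YY. */
    return v + ((v / 10000000000LL) >= 50 ? 19 : 20) * 1000000000000LL;
}
/* time_t -> the same sortable form, in UTC. */
static long long time_key(time_t t) {
    struct tm *g = gmtime(&t);
    if (!g) return 0;
    return (((((g->tm_year + 1900LL) * 100 + g->tm_mon + 1) * 100 + g->tm_mday) * 100
            + g->tm_hour) * 100 + g->tm_min) * 100 + g->tm_sec;
}
/* Return convention of X509_cmp_time: -1 if cert time <= ref, 1 if later, 0 on error. */
static int cmp_time_model(const char *asn1, time_t ref) {
    long long a = utctime_key(asn1), r = time_key(ref);
    if (a == 0 || r == 0) return 0;
    return a > r ? 1 : -1;
}
/* Order of checks in check_cert_time; returns at the first failure (callback returned 0). */
static enum verdict check_window(const char *nb, const char *na, time_t check_time) {
    int i = cmp_time_model(nb, check_time);
    if (i == 0) return V_BAD_NOT_BEFORE;
    if (i > 0) return V_NOT_YET_VALID;   /* notBefore is later than the reference time */
    i = cmp_time_model(na, check_time);
    if (i == 0) return V_BAD_NOT_AFTER;
    return i < 0 ? V_EXPIRED : V_OK;     /* notAfter is at or before the reference time */
}

int main(void) {
    /* Constructed validity window: 2005-01-01 .. 2015-01-01 UTC. */
    const char *nb = "050101000000Z", *na = "150101000000Z";
    time_t t[] = { 946684800, 1262304000, 1577836800 }; /* 2000, 2010, 2020 (UTC) */
    for (int k = 0; k < 3; k++)
        printf("check_time=%ld -> verdict %d\n", (long)t[k], check_window(nb, na, t[k]));
    return 0;
}
```

The same certificate window yields "not yet valid", "ok" or "expired" depending only on the reference time passed in, and the notAfter check is never reached while the notBefore comparison returns 1.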
