Thanks a lot for trying to help me. Here's the snippet of the code:

The function that calls IssueCertificate has these lines in it:

    cinfo.begin_validity = day_start;
    cinfo.validity = day_end;

Both day_start and day_end are int variables. Then they are passed to the IssueCertificate function as CERT_DETAIL pinfo.

    //this is the called function
    int IssueCertificate(CERT_DETAIL pinfo,char *x509,char *key,char *ca,
                         int Type, AnsiString *HexSerial,
                         AnsiString receiveUserName, AnsiString receiveUserID)
    {
        //this is some of the variable
        FILE *fp = NULL;
        Base64 encoder;
        AnsiString s, ca_cert, ca_key;
        int i, key_len, len, ret = 1, nconf = 0;
        X509 *x = NULL, *xca = NULL;
        X509_REQ *req = NULL;
        EVP_PKEY *pkey = NULL, *ca_pkey = NULL;
        unsigned char skey[1024*8];
        char buf[128], *sconf[100], *mkey = NULL;
        char ckey[1024], cacert[1024 * 8], profpass[1024], cacert_file[400],
             kbuf[1024],cbuf[1024 * 8];
        unsigned char *p, plain[EBUFSIZE+4], emkey[EBUFSIZE+4], t_emkey[EBUFSIZE+4];
        ...
        ...
        ...
        //this is the part that calls the function to generate the cert i guess
        if ((x = MakeCertificate(req,sconf,nconf,NULL,ca,ca_pkey,
                                 pinfo.begin_validity,
                                 pinfo.validity,pinfo.serial,pinfo.algo,0)) == NULL)
        {
            ret = ERROR_MAKECERT;
            goto end3;
        }
    }

There's no X509_set_notAfter in my called after I searched through it.

For 'X509_gmtime_adj' all I get was:

    int RenewCertificate(X509 *old_x509,X509 ** new_x509,EVP_PKEY* pkey, int validity)
    {
        X509 *x = NULL;
        x=old_x509;
        char buf[512];
        X509_gmtime_adj(X509_get_notBefore(x),0);
        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*validity);
        ...
        ...
    }

and

    void GenCRL(X509 *x509, EVP_PKEY *pkey, TStringList *ListRev,
                TStringList *ListSer, int SumList)
    {
        ...
        X509_gmtime_adj(ci->lastUpdate,0);
        if (ci->nextUpdate == NULL)
            ci->nextUpdate=ASN1_UTCTIME_new();
        X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
        ...
    }

    Revoke do_revoke(X509 *x509)
    {
        ...
        revtm=X509_gmtime_adj(revtm,0);
        ...
    }

but it was called inside the RenewCertificate, GenCRL and revoke functions, and not IssueCertificate which is used to issue the cert, so I guess it must have no relation, right? Please correct me if I'm wrong.

For ASN1_UTCTIME all I get was:

    Revoke do_revoke(X509 *x509)
    {
        revtm = ASN1_UTCTIME_new();
        revtm=X509_gmtime_adj(revtm,0);
        rdate=(char *)OPENSSL_malloc(revtm->length+1);
        memcpy(rdate,revtm->data,revtm->length);
        ASN1_UTCTIME_free(revtm);
    }

and

    void GenCRL(X509 *x509, EVP_PKEY *pkey, TStringList *ListRev,
                TStringList *ListSer, int SumList)
    {
        if (ci->nextUpdate == NULL)
            ci->nextUpdate=ASN1_UTCTIME_new();
        X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
    }

It seems here all the functions that you mentioned are not called to generate the cert. I'm totally lost on what I should do now...?

Thanks a lot.

On 7/14/07, David Schwartz <[EMAIL PROTECTED]> wrote:
> thanks a lot for answering my question.. but is this the only way?
> it seems a bit overwhelming for me.. isn't there any other way?
> like any function we can call?

Rather than risking you screwing up security-critical code, why don't you paste the part of the code that sets the validity and I'll post back the code modified as you need? Search for 'X509_set_notAfter', 'X509_gmtime_adj' and 'ASN1_UTCTIME' and with luck you should be able to find that chunk of code.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]