The following known-working code may help you. It sets a certificates
validity to from yesterday to a year from yesterday.
ASN1_UTCTIME *s=ASN1_UTCTIME_new();
X509_gmtime_adj(s, -60*60*24);
X509_set_notBefore(cert, s);
X509_gmtime_adj(s, 60*60*24*364);
X509_set_notAfter(cert, s)
thanks for your response, yes i have tried casting the
long value, it doesn't make any difference. i believe
Jan 1 1970 is the start of the unix calendar, so it sounds
to me like there is some kind of value overflow
somewhere.
rangeos wrote:
> Have you try to make a cast
>
> X509_gmtime_adj(X509
Have you try to make a cast
X509_gmtime_adj(X509_get_notBefore(Cert), (long)(0));
X509_gmtime_adj(X509_get_notAfter(Cert), (long)(60.*60.*24.*60.));
I use those two functions and it works well!
> -Message d'origine-
> DeĀ : [EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTECTED] De
i have an application that creates it's own certificates (built with
0.9.6j), i call X509_new() and then setup various fields
(serial number, issuer name, etc). then i try to set the validity
period to 60 days by doing something like:
X509_gmtime_adj(X509_get_notBefore(Cert), 0);
X509_gmtime_adj(X
> openssl s_client -connect ldap.foo.bar:676 -showcerts
Charles,
I tried the following command:
openssl s_client -connect servername.domain.edu:443 -showcerts
And received the following output:
CONNECTED(0004)
3602:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:
Dr. Stephen Henson wrote:
Try upper case: CN, DC etc.
Thanks, that did the trick.
Mike
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECT
Sorry I was misreading that report -- the error 81 is probably
an LDAP error, not a SSL error, and the man page at www.openldap.org
does not have the integer codes. Presumable there is some .h file
in the openldap distribution that contains the reference, but it
might very well be something like "
