X509_cmp_time¶
NAME¶
X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, X509_time_adj, X509_time_adj_ex, X509_gmtime_adj - X509 time functions
SYNOPSIS¶
int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
int X509_cmp_current_time(const ASN1_TIME *asn1_time);
int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
const ASN1_TIME *start, const ASN1_TIME *end);
ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
offset_sec, time_t *in_tm);
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *asn1_time, long offset_sec);
DESCRIPTION¶
X509_cmp_time() compares the ASN1_TIME in asn1_time with the time in <in_tm>.
X509_cmp_current_time() compares the ASN1_TIME in asn1_time with the current time, expressed as time_t.
X509_cmp_timeframe() compares the given time period with the reference time included in the verification parameters vpm if they are not NULL and contain X509_V_FLAG_USE_CHECK_TIME; else the current time is used as reference time.
X509_time_adj_ex() sets the ASN1_TIME structure asn1_time to the time offset_day and offset_sec after in_tm.
X509_time_adj() sets the ASN1_TIME structure asn1_time to the time offset_sec after in_tm. This method can only handle second offsets up to the capacity of long, so the newer X509_time_adj_ex() API should be preferred.
In both methods, if asn1_time is NULL, a new ASN1_TIME structure is allocated and returned.
In all methods, if in_tm is NULL, the current time, expressed as time_t, is used.
asn1_time must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
X509_gmtime_adj() sets the ASN1_TIME structure asn1_time to the time offset_sec after the current time. It is equivalent to calling X509_time_adj() with the last parameter as NULL.
BUGS¶
Unlike many standard comparison functions, X509_cmp_time() and X509_cmp_current_time() return 0 on error.
RETURN VALUES¶
X509_cmp_time() and X509_cmp_current_time() return -1 if asn1_time is earlier than, or equal to, in_tm (resp. current time), and 1 otherwise. These methods return 0 on error.
X509_cmp_timeframe() compares a reference time to a start and end ASN1_TIME value range. The reference time is compared to the start value of the range inclusively, and to the end value of the range exclusively. The reference time used will retrieved from vpm if the flag 509_V_FLAG_USE_CHECK_TIME is set in vpm, otherwise it will be the current time. The start time used will be start if it is non NULL, and a valid ASN1_TIME value, otherwise it will be infinitely in the past. The end time used will be end if it is non NULL and a valid ASN1_TIME value, otherwise it will be infinitely in the future. 0 is returned unconditionally if the flag X509_V_FLAG_NO_CHECK_TIME is set in vpm. Otherwise 0 will be returned if the reference time is in the range of the start time and end time as described above. 1 is returned to indicate the reference time is after or equal to the end time. -1 is returned to indicate the reference time is before the start time. As this function treats invalid ASN1_TIME inputs as unlimited times, it should not be used to for temporal verification of certificates using untrusted inputs that have not been pre-validated to be correct ASN1_TIME values for a certificate as per RFC 5280, as invalid values will be accepted as valid forever.
X509_time_adj(), X509_time_adj_ex() and X509_gmtime_adj() return a pointer to the updated ASN1_TIME structure, and NULL on error.
HISTORY¶
X509_cmp_timeframe() was added in OpenSSL 3.0.
COPYRIGHT¶
Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.