On Mon, Jul 19, 2004, Richard Levitte - VMS Whacker wrote:

> In message <[EMAIL PROTECTED]> on Mon, 19 Jul 2004 09:51:35 +0530, <[EMAIL PROTECTED]> said:
> 
> sakthi.subramaniam> 
> sakthi.subramaniam> >It's not clear what you want to do from this 30/31 years business.
> sakthi.subramaniam> The number of years difference between "Not Valid
> sakthi.subramaniam> before and Not valid after"  should not exceed 30
> sakthi.subramaniam> years in the certificates. How can I check it?
> 
> Since you're doing this by programming:
> 
> - You get the validity limits, using the macros X509_get_notBefore() and
>   X509_get_notAfter()
> 
> - extract the year from the limits, using the function
>   ASN1_extract_year() (NOT TESTED!) below.
> 
> - subtract one year from the other and check that it's lower than 31.
> 
> 

One complication is that the subtraction would need to be decremented if one
year day was before the first.

For example the difference between December 31st 2001 and January 1st 2002 is
obviously less than a year.

Timezones could also complicate matters though they are not allowed by various
specifications (including RFC3280) in certificates. There's no legitimate
reason AFAICS to have the two dates in different timezones but depending on the
OP's reasons for wanting the check this might need to be taken into account.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
