> -----Original Message-----
> From: Joe Orton
> Sent: Monday, 27 April 2009 18:09
> To: [email protected]
> Subject: Re: svn commit: r760866 - in /httpd/httpd/trunk:
> CHANGES docs/manual/mod/mod_ssl.xml
> modules/proxy/mod_proxy_http.c modules/ssl/mod_ssl.c
> modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_io.c
> modules/ssl/ssl_private.h
>
> On Wed, Apr 01, 2009 at 12:07:49PM -0000, [email protected] wrote:
> > Author: rpluem
> > Date: Wed Apr 1 12:07:47 2009
> > New Revision: 760866
> >
> > URL: http://svn.apache.org/viewvc?rev=760866&view=rev
> > Log:
> ...
> > + if (sc->proxy_ssl_check_peer_expire == SSL_ENABLED_TRUE) {
> > + apr_time_t start_time;
> > + apr_time_t end_time;
> > + apr_time_t now;
> > +
> > + start_time = parseASN1time(c->pool,
> > +
> ssl_var_lookup(NULL, c->base_server,
> > + c, NULL,
> > +
> "SSL_CLIENT_V_START"));
> > + end_time = parseASN1time(c->pool,
> > + ssl_var_lookup(NULL,
> c->base_server,
> > + c, NULL,
> > +
> "SSL_CLIENT_V_END"));
>
> You can (and should) use X509_get_notBefore(), X509_get_notAfter() to
> get the end/start times from sslconn->client_cert; can check for expiry
> using X509_cmp_current_time() on the returned values. Should require 1
> less ASN.1 date parser!

Done in r769809. Please crosscheck.

>
> Also maybe default these to "on" for the trunk?
>

Done in r769815.

Regards

Rüdiger
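Review bot: In the two parseASN1time() calls of the quoted hunk, the string returned by ssl_var_lookup() is passed straight to the parser, and the lines shown contain no handling for an empty lookup result or a date string that does not parse. Since proxy_ssl_check_peer_expire decides whether the peer certificate is accepted, a failed lookup or parse should count as a failed check rather than yield a time value that is compared like any other. Reading the validity fields directly from the certificate, as suggested in the reply, removes the string round trip and with it this failure mode. A short comment would also help here, because the check is a proxy peer check but reads "SSL_CLIENT_V_START" and "SSL_CLIENT_V_END", and the hunk does not say whose certificate those variables describe on this connection.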
