Am Wed, 4 Mar 2009 17:28:09 +0100 (CET) schrieb Stephen Henson via RT:
> IMHO a better way to implement this functionality is with a new
> function ASN1_TIME_set_string() which uses UTCTime/GeneralizedTime as
> appropriate.
Updated patch using ASN1_TIME_set_string(); it also no longer restricts the
date format.
diff -ur openssl-SNAP-20090303.orig/apps/ca.c openssl-SNAP-20090303.new/apps/ca.c
--- openssl-SNAP-20090303.orig/apps/ca.c 2009-03-03 19:04:00.000000000 +0100
+++ openssl-SNAP-20090303.new/apps/ca.c 2009-03-06 14:41:18.000000000 +0100
@@ -1109,9 +1109,9 @@
if (startdate == NULL)
ERR_clear_error();
}
- if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+ if (startdate && !ASN1_TIME_set_string(NULL, startdate))
{
- BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+ BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
goto err;
}
if (startdate == NULL) startdate="today";
@@ -1123,9 +1123,9 @@
if (enddate == NULL)
ERR_clear_error();
}
- if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+ if (enddate && !ASN1_TIME_set_string(NULL, enddate))
{
- BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+ BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
goto err;
}
@@ -2007,11 +2007,11 @@
if (strcmp(startdate,"today") == 0)
X509_gmtime_adj(X509_get_notBefore(ret),0);
- else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+ else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
if (enddate == NULL)
X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
- else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+ else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
if (!X509_set_subject_name(ret,subject)) goto err;
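Review bot: The return value of ASN1_TIME_set_string() is discarded on both `else` branches, although the function added in the a_time.c hunk returns 0 when ASN1_STRING_set() fails. In that case the code appears to carry on building the certificate with a notBefore or notAfter that was never written. Handle it the way the next statement handles X509_set_subject_name(): `else if (!ASN1_TIME_set_string(X509_get_notBefore(ret),startdate)) goto err;`, and likewise for `enddate` and notAfter. The enclosing function starts and ends outside this hunk.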
@@ -2107,7 +2107,7 @@
}
BIO_printf(bio_err,"Certificate is to be certified until ");
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+ ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
if (days) BIO_printf(bio_err," (%ld days)",days);
BIO_printf(bio_err, "\n");
@@ -2397,12 +2397,15 @@
static int check_time_format(const char *str)
{
- ASN1_UTCTIME tm;
+ ASN1_TIME tm;
tm.data=(unsigned char *)str;
tm.length=strlen(str);
tm.type=V_ASN1_UTCTIME;
- return(ASN1_UTCTIME_check(&tm));
+ if (ASN1_TIME_check(&tm))
+ return 1;
+ tm.type=V_ASN1_GENERALIZEDTIME;
+ return(ASN1_TIME_check(&tm));
}
static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
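Review bot: check_time_format() now repeats the UTCTime-then-GeneralizedTime probe that this same patch adds as ASN1_TIME_set_string(). The copy also keeps the cast that drops `const` from `str` and a stack ASN1_TIME whose remaining fields are left uninitialised. Calling the new function in its check-only mode would keep the accepted formats in one place: `return ASN1_TIME_set_string(NULL, str);`.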
diff -ur openssl-SNAP-20090303.orig/crypto/asn1/asn1.h openssl-SNAP-20090303.new/crypto/asn1/asn1.h
--- openssl-SNAP-20090303.orig/crypto/asn1/asn1.h 2009-03-03 19:04:00.000000000 +0100
+++ openssl-SNAP-20090303.new/crypto/asn1/asn1.h 2009-03-06 12:51:37.000000000 +0100
@@ -885,6 +885,7 @@
int offset_day, long offset_sec);
int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
i2d_of_void *i2d, int ex_tag, int ex_class,
diff -ur openssl-SNAP-20090303.orig/crypto/asn1/a_time.c openssl-SNAP-20090303.new/crypto/asn1/a_time.c
--- openssl-SNAP-20090303.orig/crypto/asn1/a_time.c 2009-03-03 19:04:00.000000000 +0100
+++ openssl-SNAP-20090303.new/crypto/asn1/a_time.c 2009-03-06 12:48:51.000000000 +0100
@@ -173,3 +173,39 @@
return ret;
}
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+ {
+ ASN1_TIME t;
+
+ t.length = strlen(str);
+ t.data = (unsigned char *)str;
+
+ t.type = V_ASN1_UTCTIME;
+ if (ASN1_TIME_check(&t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str,t.length))
+ return 0;
+ s->type = V_ASN1_UTCTIME;
+ }
+ return(1);
+ }
+
+ t.type = V_ASN1_GENERALIZEDTIME;
+ if (ASN1_TIME_check(&t))
+ {
+ if (s != NULL)
+ {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str,t.length))
+ return 0;
+ s->type = V_ASN1_GENERALIZEDTIME;
+ }
+ return(1);
+ }
+
+ return(0);
+ }
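Review bot: ASN1_TIME_set_string() chooses the ASN.1 type from how the string is spelled rather than from the year, so a four-digit-year input for a date before 2050 is stored as GeneralizedTime. RFC 5280 section 4.1.2.5 requires certificate validity dates through 2049 to be encoded as UTCTime, and the apps/ca.c hunk at line 2007 writes the result directly into notBefore/notAfter, so the CA could issue certificates that strict verifiers may reject. Either normalise in the caller (accept the GeneralizedTime spelling only for years from 2050 onwards, or convert earlier years to UTCTime) or state the contract on the function, for example `/* Stores str with the type its spelling implies; X.509 callers must pass UTCTime for years before 2050 (RFC 5280 4.1.2.5). */`. Separately, `strlen(str)` is called without a NULL check and its result is narrowed into the int `length` field.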