i wrote:
|until now when i printed certificate chains (in verbose mode)
|i used a brute simple hand driven function that dealt with
|ASN1_UTCTIME. Today i connected to a server where one of the
|certificates in the chain used ASN1_GENERALIZEDTIME, which
|resulted in the -- faulty -- message:
|
| notBefore = 2020-09-03 03:12:54 GMT
| notAfter = Bogus certificate date: 20240303125425Z
this btw. not only affects my little MUA btw. (it at least prints
something useful then).
|So i gave up on this and am now using the undocumented (at least
|in regular documentation) ASN1_TIME_print(), which (sic) goes
|through a BIO:
Since the function was in it since 0.9.1c that should be ok?
Like the thing that is attached.
And if you would be really kind then you could also get the simple
script which does extract and expand it. I.e., i remember the
thread on improving the doc -- storing the documentation nearby
the functions which implement a functionality (or their prototypes,
but that is not an option for OpenSSL) is surely a step into the
right direction.
--steffen
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 111ea5a..ef4b1d8 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -386,6 +386,26 @@ int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
return(1);
}
+/*@=
+ * @man ASN1_TIME_print.3ssl
+ * @group NAME ASN1_TIME_print -- ASN1 time output routine
+ *
+ * @group SYNOPSIS
+ *
+ * @syn #include <openssl/asn1.h>
+ * @sp
+ * @fun int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm);
+ *
+ * @group DESCRIPTION
+ *
+ * This function prints the B<ASN1_TIME> structure B<bp> to the B<BIO> B<tm>,
+ * or "Bad time value" if B<tm> is not a valid, or does not represent a valid
+ * B<ASN1_TIME>.
+ *
+ * @group "RETURN VALUES"
+ *
+ * Upon success the value B<1> is returned, B<0> otherwise.
+ */
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
