Thanks for ur help. >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Dr. >Stephen Henson >Sent: Monday, July 19, 2004 4:57 PM >To: [EMAIL PROTECTED] >Subject: Re: X.509 certificates invalid certiifcates. > > >On Mon, Jul 19, 2004, Richard Levitte - VMS Whacker wrote: > >> In message >> <[EMAIL PROTECTED]> on >> Mon, 19 Jul 2004 09:51:35 +0530, <[EMAIL PROTECTED]> said: >> >> sakthi.subramaniam> >> sakthi.subramaniam> >Its not clear what you want to do from >this 30/31 years business. >> sakthi.subramaniam> The number of years difference between "Not Valid >> sakthi.subramaniam> before and Not valid after" should not exceed 30 >> sakthi.subramaniam> years in the certificates..How can I check it ? >> >> Since you're doing this by programming: >> >> - You get the validity limits, using the macros >X509_get_notBefore() and >> X509_get_notAfter() >> >> - extract the year from the limits, using the function >> ASN1_extract_year() (NOT TESTED!) below. >> >> - subtract one year from the other and check that it's lower than 31. >> >> > >One complication is that the subtraction would need to be >decremented if one year day was before the first. > >For example the difference between December 31st 2001 and >January 1st 2002 is obviously less than a year. > >Timezones could also complicate matters though they are not >allowed by various specifications (including RFC3280) in >certificates. There's no legitimate reason AFAICS to have the >two dates in different timezones but depending on the OPs >reasons for wanting the check this might need to be taken into account. > >Steve. >-- >Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >OpenSSL project core developer and freelance consultant. >Funding needed! Details on homepage. >Homepage: http://www.drh-consultancy.demon.co.uk >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] >
Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
