Hi,

I wrote a function to fetch the lifetime (expire time) of a
certificate. But it seems not to work right.

The code is as follows:

------------  codes to fetch lifetime ---------------------
       ...
        meth = SSLv3_method();

        /* Create a SSL_CTX structure */
        ctx = SSL_CTX_new(meth);
        if (!ctx) {
                ERR_print_errors_fp(stderr);
                exit(1);
        }

        /* Load the my certificate into the SSL_CTX structure */
        if (SSL_CTX_use_certificate_file(ctx, MY_CERT, SSL_FILETYPE_PEM) <= 0) {
                ERR_print_errors_fp(stderr);
                exit(1);
        }

        /* Load the private-key corresponding to the my certificate */
        if (SSL_CTX_use_PrivateKey_file(ctx, MY_KEY, SSL_FILETYPE_PEM) <= 0) {
                ERR_print_errors_fp(stderr);
                exit(1);
        }

        /* Check if the certificate and private-key matches */
        if (!SSL_CTX_check_private_key(ctx)) {
                fprintf(stderr,"!!!!! Private key does not match the certificate public key failure !!!!!\n");
                exit(1);
        }

        /* Load the RSA CA certificate into the SSL_CTX structure */
        if (!SSL_CTX_load_verify_locations(ctx, CA_CERT, NULL)) {
                ERR_print_errors_fp(stderr);
                exit(1);
        }

        /* Set to require peer (client) certificate verification */
        SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,NULL);

        /* Set the verification depth to 1 */
        SSL_CTX_set_verify_depth(ctx,1);

        /* For session resumption */
        if( ! SSL_CTX_set_session_id_context( ctx , sid_ctx , sid_ctx_len ) )
        {
                printf(" !!!!! SSL_CTX_set_session_id_context() failed !!!!! \n");
                exit(1);
        }

        fprintf( stderr , "Session ID timeout value = %ld", SSL_CTX_get_timeout(ctx));

------------------- end of codes ----------------------------

Here,

MY_CERT  - the certificate to fetch expire time, such as usercert.pem
MY_KEY  -  the private key of user, such as userkey.pem
CA_CERT - the CA certificate , such as
"/etc/grid-security/certificates/0adefd6e.0"
CA_DIR - the directory of CA certificate , such as
"/etc/grid-security/certificates/"

However, no matter which certificate I test after compilation,
what it prints is

$ ./my_test_code
Session ID timeout value = 7200

What is the meaning of 7200? I have set the expire time of the certificate
to 12 hours, but 7200 is not the right time if it is calculated in
seconds.

What is wrong in my code? Could anybody give me some advice?


Thanks a lot.

Ian
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
