On Thu, Apr 07, 2011, Lou Picciano wrote: > Friends, I must admit we've never had to do it before - Can we query the > expiration date directly from a certificate, perhaps by using the ASN > structure code? (Is there a map of the currently-vailable structure codes, as > used by OpenSSL?)
The function X509_get_notAfter(cert) for an X509 * cert will retrieve the result as an ASN1_TIME structure. From there you can get it the length and value using ASN1_STRING_length(), ASN1_STRING_data() and its type with ASN1_STRING_type(). You have to parse the result: you can get some hints from the ASN1_TIME_print() function in t_x509.c There isn't a function to convert it to a more standard form such as time_t or struct tm though. If you just want to check if the certificate has or will expire at some point in the future then there are other ways to do that. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
