On 7 Nov 2012, at 14:35, Graham Leggett wrote: > I would like to know how long a CRL has until it expires in seconds (or milli > or microseconds, don't care, I can convert), and am struggling to find a > formally supported way to do this. > > What I would like to do is return the difference between a given ASN1_TIME > and the current time, or two ASN1_TIME values (don't care which, I can > generate an ASN1_TIME from the current time).
The bit of code I stole from x509/x509_vfy.c works for me. Dw. if(!(X509_CRL_get_nextUpdate(crl)) return -1; int i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); if (i == 0) return -1; // could not parse date /* Ignore expiry of base CRL is delta is valid */ if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) return -1; return 0; ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org