
Add x509_get_expire() to extract the not-after time from a certificate

as an epoch time_t. Store the expire time for certs, crls will follow after.
OK tb@
This commit is contained in:
claudio 2021-10-07 08:30:39 +00:00
parent 0557eed95a
commit 7fd566d895
3 changed files with 30 additions and 3 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: cert.c,v 1.33 2021/10/05 11:20:46 job Exp $ */
/* $OpenBSD: cert.c,v 1.34 2021/10/07 08:30:39 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -1061,6 +1061,7 @@ cert_parse_inner(X509 **xp, const char *fn, int ta)
p.res->aia = x509_get_aia(x, p.fn);
p.res->crl = x509_get_crl(x, p.fn);
}
p.res->expires = x509_get_expire(x, p.fn);
p.res->purpose = x509_get_purpose(x, p.fn);
/* Validation on required fields. */
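Review bot: The new assignment on the `p.res->expires = x509_get_expire(x, p.fn);` line calls a helper that terminates the whole process with errx() when the notAfter field is missing or fails to parse, so a single malformed certificate fetched from a remote repository can stop the run rather than being reported and skipped. The "Validation on required fields" comment right below suggests that cert_parse_inner otherwise reports a bad cert and returns NULL, and the neighbouring x509_get_aia()/x509_get_crl() calls appear to follow that pattern; I would align the new getter with it by having it warnx() and return -1, and check here with `if ((p.res->expires = x509_get_expire(x, p.fn)) == -1)` followed by the same failure path the required-field checks use. cert_parse_inner begins and ends outside this hunk, so the exact failure label is not visible here.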


@ -1,4 +1,4 @@
/* $OpenBSD: extern.h,v 1.68 2021/10/05 11:20:46 job Exp $ */
/* $OpenBSD: extern.h,v 1.69 2021/10/07 08:30:39 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -127,6 +127,7 @@ struct cert {
enum cert_purpose purpose; /* Certificate Purpose (BGPSec or CA) */
int valid; /* validated resources */
X509 *x509; /* the cert */
time_t expires; /* do not use after */
};
/*
@ -232,6 +233,7 @@ struct crl {
RB_ENTRY(crl) entry;
char *aki;
X509_CRL *x509_crl;
time_t expires; /* do not use after */
};
/*
* Tree of CRLs sorted by uri
@ -527,6 +529,7 @@ char *hex_encode(const unsigned char *, size_t);
char *x509_get_aia(X509 *, const char *);
char *x509_get_aki(X509 *, int, const char *);
char *x509_get_ski(X509 *, const char *);
time_t x509_get_expire(X509 *, const char *);
char *x509_get_crl(X509 *, const char *);
char *x509_crl_get_aki(X509_CRL *, const char *);
enum cert_purpose x509_get_purpose(X509 *, const char *);
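Review bot: The `time_t expires;` member added to `struct crl` is not populated anywhere in this commit (the description says CRLs will follow), so until the CRL parser sets it the field holds whatever the allocator left, most likely 0 if the object is calloc'd, which as a time_t reads as 1970 and would make any consumer treat every CRL as long expired. I would make that explicit in the comment, e.g. `time_t expires; /* do not use after (epoch seconds; not yet set for CRLs) */`, so nobody starts reading it before the follow-up lands. The same "epoch seconds" wording would also help the `struct cert` member, since "do not use after" alone does not say what unit or reference the value is in.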


@ -1,4 +1,4 @@
/* $OpenBSD: x509.c,v 1.22 2021/10/05 11:20:46 job Exp $ */
/* $OpenBSD: x509.c,v 1.23 2021/10/07 08:30:39 claudio Exp $ */
/*
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -232,6 +232,29 @@ out:
return aia;
}
/*
* Extract the expire time (not-after) of a certificate.
*/
time_t
x509_get_expire(X509 *x, const char *fn)
{
const ASN1_TIME *at;
struct tm expires_tm;
time_t expires;
at = X509_get0_notAfter(x);
if (at == NULL)
errx(1, "%s: X509_get0_notafter failed", fn);
memset(&expires_tm, 0, sizeof(expires_tm));
if (ASN1_time_parse(at->data, at->length, &expires_tm, 0) == -1)
errx(1, "%s: ASN1_time_parse failed", fn);
if ((expires = mktime(&expires_tm)) == -1)
errx(1, "%s: mktime failed", fn);
return expires;
}
/*
* Parse the very specific subset of information in the CRL distribution
* point extension.
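Review bot: In x509_get_expire(), `mktime(&expires_tm)` interprets the broken-down time as local time, but an X.509 notAfter (UTCTime or GeneralizedTime, which is what ASN1_time_parse() fills the struct tm from) is expressed in UTC, so the returned time_t is shifted by the host's UTC offset unless the process runs with TZ set to UTC, and can additionally fall into a DST gap or overlap. The intended conversion is `if ((expires = timegm(&expires_tm)) == -1)`, which is available on OpenBSD and does the inverse of gmtime. Note also that -1 is a representable time_t, so callers cannot distinguish a failed conversion from an (implausible) notAfter one second before the epoch unless errno or a separate status is checked. Finally the error text on the X509_get0_notAfter() failure path says "X509_get0_notafter", which does not match the function name and makes the message harder to grep for.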