implement -attime option as a verify parameter then it works with all relevant applic...
authorDr. Stephen Henson <steve@openssl.org>
Sat, 10 Dec 2011 00:37:22 +0000 (00:37 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 10 Dec 2011 00:37:22 +0000 (00:37 +0000)
apps/apps.c

index fdfa362f7c62e449c06c57cfcb550cb537132ff6..b9df6f9e2d8022e513e6715a0b99599b399a58a1 100644 (file)
@@ -2257,6 +2257,7 @@ int args_verify(char ***pargs, int *pargc,
        char **oldargs = *pargs;
        char *arg = **pargs, *argn = (*pargs)[1];
        const X509_VERIFY_PARAM *vpm = NULL;
+       time_t at_time = 0;
        if (!strcmp(arg, "-policy"))
                {
                if (!argn)
@@ -2324,6 +2325,26 @@ int args_verify(char ***pargs, int *pargc,
                        }
                (*pargs)++;
                }
+       else if (strcmp(arg,"-attime") == 0)
+               {
+               if (!argn)
+                       *badarg = 1;
+               else
+                       {
+                       long timestamp;
+                       /* interpret argument as seconds since Epoch */
+                       if (sscanf(argn, "%li", &timestamp) != 1)
+                               {
+                               BIO_printf(bio_err,
+                                               "Error parsing timestamp %s\n",
+                                               argn);
+                               *badarg = 1;
+                               }
+                       /* on some platforms time_t may be a float */
+                       at_time = (time_t) timestamp;
+                       }
+               (*pargs)++;
+               }
        else if (!strcmp(arg, "-ignore_critical"))
                flags |= X509_V_FLAG_IGNORE_CRITICAL;
        else if (!strcmp(arg, "-issuer_checks"))
@@ -2383,6 +2404,9 @@ int args_verify(char ***pargs, int *pargc,
        if (depth >= 0)
                X509_VERIFY_PARAM_set_depth(*pm, depth);
 
+       if (at_time) 
+               X509_VERIFY_PARAM_set_time(*pm, at_time);
+
        end:
 
        (*pargs)++;