Oops, use right function name...

[openssl.git] / apps / x509.c

diff --git a/apps/x509.c b/apps/x509.c
index 6e49377f0d5c6d81382564054e78b55489ea9d03..f4198d97be0ba82a6d4f89ac16bc9468c3d78749 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -626,7 +626,7 @@ bad:
                if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
 
                X509_gmtime_adj(X509_get_notBefore(x),0);
-               X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+               X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL);
 
                pkey = X509_REQ_get_pubkey(req);
                X509_set_pubkey(x,pkey);
@@ -1130,6 +1130,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
        /* NOTE: this certificate can/should be self signed, unless it was
         * a certificate request in which case it is not. */
        X509_STORE_CTX_set_cert(&xsc,x);
+       X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
        if (!reqfile && X509_verify_cert(&xsc) <= 0)
                goto end;
 
@@ -1146,7 +1147,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
                goto end;
 
        /* hardwired expired */
-       if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
+       if (X509_time_adj_ex(X509_get_notAfter(x),days, 0, NULL) == NULL)
                goto end;
 
        if (clrext)