PR: 1854

Submitted by: Oliver Martin <oliver@volatilevoid.net>
Reviewed by: steve@openssl.org

Support GeneralizedTime in ca utility.

diff --git a/CHANGES b/CHANGES
index 695ed9747991393289f9c93141f4d03bedf39862..e42b7d7838e0b54901b42404d9382e9113f280c6 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8j and 0.9.9  [xx XXX xxxx]
 
+  *) Support GeneralizedTime in ca utility. 
+     [Oliver Martin <oliver@volatilevoid.net>, Steve Henson]
+
   *) Enhance the hash format used for certificate directory links. The new
      form uses the canonical encoding (meaning equivalent names will work
      even if they aren't identical) and uses SHA1 instead of MD5. This form

diff --git a/apps/ca.c b/apps/ca.c
index cb7bd3552b89476a66af4763c9dc70aa1de9db64..4f236cce2798c980a23fc92afae93abdaf49aa5e 100644 (file)
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1109,9 +1109,9 @@ bad:
                        if (startdate == NULL)
                                ERR_clear_error();
                        }
-               if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+               if (startdate && !ASN1_TIME_set_string(NULL, startdate))
                        {
-                       BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+                       BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
                        goto err;
                        }
                if (startdate == NULL) startdate="today";
@@ -1123,9 +1123,9 @@ bad:
                        if (enddate == NULL)
                                ERR_clear_error();
                        }
-               if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
+               if (enddate && !ASN1_TIME_set_string(NULL, enddate))
                        {
-                       BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+                       BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
                        goto err;
                        }
 
@@ -2007,11 +2007,11 @@ again2:
 
        if (strcmp(startdate,"today") == 0)
                X509_gmtime_adj(X509_get_notBefore(ret),0);
-       else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+       else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate);
 
        if (enddate == NULL)
                X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL);
-       else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
+       else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate);
 
        if (!X509_set_subject_name(ret,subject)) goto err;
 
@@ -2107,7 +2107,7 @@ again2:
                }
 
        BIO_printf(bio_err,"Certificate is to be certified until ");
-       ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+       ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
        if (days) BIO_printf(bio_err," (%ld days)",days);
        BIO_printf(bio_err, "\n");
 
@@ -2397,12 +2397,7 @@ static int fix_data(int nid, int *type)
 
 static int check_time_format(const char *str)
        {
-       ASN1_UTCTIME tm;
-
-       tm.data=(unsigned char *)str;
-       tm.length=strlen(str);
-       tm.type=V_ASN1_UTCTIME;
-       return(ASN1_UTCTIME_check(&tm));
+       return ASN1_TIME_set_string(NULL, str);
        }
 
 static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)

diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 577e2634022cdf007a072c839bee40480d9c87ee..576de5805a2a3c458ead85cfa3813ee7cfe2c8ce 100644 (file)
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -173,3 +173,25 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE
 
        return ret;
        }
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+       {
+       ASN1_TIME t;
+
+       t.length = strlen(str);
+       t.data = (unsigned char *)str;
+       
+       t.type = V_ASN1_UTCTIME;
+
+       if (!ASN1_TIME_check(&t))
+               {
+               t.type = V_ASN1_GENERALIZEDTIME;
+               if (!ASN1_TIME_check(&t))
+                       return 0;
+               }
+       
+       if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+                       return 0;
+
+       return 1;
+       }

diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 26c3a48c6b606162b82a3fb6c5d3cfbf9ff29f25..2c0e05ba0f8310581722ca1fd0e8e8c5a6a6a307 100644 (file)
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -885,6 +885,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t,
                                int offset_day, long offset_sec);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
 
 int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp,
                 i2d_of_void *i2d, int ex_tag, int ex_class,