Use X509_cmp_time() in -checkend option, to support GeneralizedTime.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 5 Dec 2004 18:26:19 +0000 (18:26 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 5 Dec 2004 18:26:19 +0000 (18:26 +0000)
apps/x509.c

index b2288b6..294fc69 100644 (file)
@@ -999,9 +999,9 @@ bad:
 
        if (checkend)
                {
-               time_t tnow=time(NULL);
+               time_t tcheck=time(NULL) + checkoffset;
 
-               if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
+               if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
                        {
                        BIO_printf(out,"Certificate will expire\n");
                        ret=1;