NAME
X509_get0_notBefore,
X509_get0_notAfter,
X509_getm_notBefore,
X509_getm_notAfter,
X509_get_notBefore,
X509_get_notAfter,
X509_CRL_get0_lastUpdate,
X509_CRL_get0_nextUpdate,
X509_CRL_get_lastUpdate,
X509_CRL_get_nextUpdate,
X509_set1_notBefore,
X509_set1_notAfter,
X509_set_notBefore,
X509_set_notAfter,
X509_CRL_set1_lastUpdate,
X509_CRL_set1_nextUpdate,
X509_CRL_set_lastUpdate,
X509_CRL_set_nextUpdate —
get and set certificate and CRL
validity dates
SYNOPSIS
#include
<openssl/x509.h>
const ASN1_TIME *
X509_get0_notBefore(const X509
*x);
const ASN1_TIME *
X509_get0_notAfter(const X509
*x);
ASN1_TIME *
X509_getm_notBefore(const X509
*x);
ASN1_TIME *
X509_getm_notAfter(const X509
*x);
ASN1_TIME *
X509_get_notBefore(const X509
*x);
ASN1_TIME *
X509_get_notAfter(const X509
*x);
const ASN1_TIME *
X509_CRL_get0_lastUpdate(const
X509_CRL *crl);
const ASN1_TIME *
X509_CRL_get0_nextUpdate(const
X509_CRL *crl);
ASN1_TIME *
X509_CRL_get_lastUpdate(X509_CRL
*crl);
ASN1_TIME *
X509_CRL_get_nextUpdate(X509_CRL
*crl);
int
X509_set1_notBefore(X509 *x,
const ASN1_TIME *tm);
int
X509_set1_notAfter(X509 *x,
const ASN1_TIME *tm);
int
X509_set_notBefore(X509 *x,
const ASN1_TIME *tm);
int
X509_set_notAfter(X509 *x,
const ASN1_TIME *tm);
int
X509_CRL_set1_lastUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
int
X509_CRL_set1_nextUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
int
X509_CRL_set_lastUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
int
X509_CRL_set_nextUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
DESCRIPTION
X509_getm_notBefore()
and
X509_getm_notAfter()
return pointers to the notBefore and
notAfter fields of the validity period of the
certificate x, respectively.
X509_get_notBefore()
and
X509_get_notAfter()
are deprecated aliases implemented as macros.
X509_get0_notBefore()
and
X509_get0_notAfter()
are identical except for the const qualifier on the return type.
X509_CRL_get0_lastUpdate()
is misnamed in a confusing way: it returns a pointer to the
thisUpdate field of the crl,
indicating the time when this crl was issued.
X509_CRL_get0_nextUpdate()
returns a pointer to the nextUpdate field of the
crl, indicating the time when issuing the subsequent
CRL will be due.
X509_CRL_get_lastUpdate()
and
X509_CRL_get_nextUpdate()
are deprecated and identical except for the const qualifier on the argument
and on the return type.
X509_set1_notBefore(),
X509_set1_notAfter(),
X509_CRL_set1_lastUpdate(),
and
X509_CRL_set1_nextUpdate()
set the notBefore, notAfter,
thisUpdate (sic!), or nextUpdate
field of x or crl, respectively,
to a deep copy of tm and free the
ASN1_TIME value that they replace.
X509_set_notBefore(),
X509_set_notAfter(),
X509_CRL_set_lastUpdate(),
and
X509_CRL_set_nextUpdate()
are deprecated aliases.
RETURN VALUES
The
get
functions return internal pointers which must not be freed by the
application, or NULL if the requested field is not
available. They may crash with a NULL pointer access
if x or crl is
NULL.
The
set functions return
1 on success or 0 on failure. They fail if x is
NULL or does not contain a
validity substructure, if crl is
NULL, or if
ASN1_STRING_dup(3) fails.
Except for some cases of ASN1_STRING_dup(3) failure, these functions do not support determining reasons for failure with ERR_get_error(3).
SEE ALSO
ASN1_TIME_set(3), X509_cmp_time(3), X509_CRL_get0_by_serial(3), X509_CRL_new(3), X509_get_subject_name(3), X509_new(3), X509_sign(3), X509_VAL_new(3), X509_verify_cert(3)
HISTORY
X509_get_notBefore(),
X509_get_notAfter(),
X509_set_notBefore(), and
X509_set_notAfter() first appeared in SSLeay 0.6.5
and have been available since OpenBSD 2.4.
X509_CRL_get_lastUpdate() and
X509_CRL_get_nextUpdate() first appeared in OpenSSL
0.9.2 and have been available since OpenBSD 2.6.
X509_CRL_set_lastUpdate() and
X509_CRL_set_nextUpdate() first appeared in OpenSSL
0.9.7 and have been available since OpenBSD 3.2.
The remaining functions first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.