| X509_GET0_NOTBEFORE(3) | Library Functions Manual | X509_GET0_NOTBEFORE(3) |
X509_get0_notBefore,
X509_get0_notAfter,
X509_getm_notBefore,
X509_getm_notAfter,
X509_get_notBefore,
X509_get_notAfter,
X509_CRL_get0_lastUpdate,
X509_CRL_get0_nextUpdate,
X509_CRL_get_lastUpdate,
X509_CRL_get_nextUpdate,
X509_set1_notBefore,
X509_set1_notAfter,
X509_set_notBefore,
X509_set_notAfter,
X509_CRL_set1_lastUpdate,
X509_CRL_set1_nextUpdate,
X509_CRL_set_lastUpdate,
X509_CRL_set_nextUpdate —
get and set certificate and CRL validity dates
#include
<openssl/x509.h>
const ASN1_TIME *
X509_get0_notBefore(const X509
*x);
const ASN1_TIME *
X509_get0_notAfter(const X509
*x);
ASN1_TIME *
X509_getm_notBefore(const X509
*x);
ASN1_TIME *
X509_getm_notAfter(const X509
*x);
ASN1_TIME *
X509_get_notBefore(const X509
*x);
ASN1_TIME *
X509_get_notAfter(const X509
*x);
const ASN1_TIME *
X509_CRL_get0_lastUpdate(const
X509_CRL *crl);
const ASN1_TIME *
X509_CRL_get0_nextUpdate(const
X509_CRL *crl);
ASN1_TIME *
X509_CRL_get_lastUpdate(X509_CRL
*crl);
ASN1_TIME *
X509_CRL_get_nextUpdate(X509_CRL
*crl);
int
X509_set1_notBefore(X509 *x,
const ASN1_TIME *tm);
int
X509_set1_notAfter(X509 *x,
const ASN1_TIME *tm);
int
X509_set_notBefore(X509 *x,
const ASN1_TIME *tm);
int
X509_set_notAfter(X509 *x,
const ASN1_TIME *tm);
int
X509_CRL_set1_lastUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
int
X509_CRL_set1_nextUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
int
X509_CRL_set_lastUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
int
X509_CRL_set_nextUpdate(X509_CRL
*crl, const ASN1_TIME *tm);
X509_getm_notBefore()
and
X509_getm_notAfter()
return pointers to the notBefore and
notAfter fields of the validity period of the
certificate x, respectively.
X509_get_notBefore()
and
X509_get_notAfter()
are deprecated aliases implemented as macros.
X509_get0_notBefore()
and
X509_get0_notAfter()
are identical except for the const qualifier on the return type.
X509_CRL_get0_lastUpdate()
is misnamed in a confusing way: it returns a pointer to the
thisUpdate field of the crl,
indicating the time when this crl was issued.
X509_CRL_get0_nextUpdate()
returns a pointer to the nextUpdate field of the
crl, indicating the time when issuing the subsequent
CRL will be due.
X509_CRL_get_lastUpdate()
and
X509_CRL_get_nextUpdate()
are deprecated and identical except for the const qualifier on the argument
and on the return type.
X509_set1_notBefore(),
X509_set1_notAfter(),
X509_CRL_set1_lastUpdate(),
and
X509_CRL_set1_nextUpdate()
set the notBefore, notAfter,
thisUpdate (sic!), or nextUpdate
field of x or crl, respectively,
to a deep copy of tm and free the
ASN1_TIME value that they replace.
X509_set_notBefore(),
X509_set_notAfter(),
X509_CRL_set_lastUpdate(),
and
X509_CRL_set_nextUpdate()
are deprecated aliases.
The
get
functions return internal pointers which must not be freed by the
application, or NULL if the requested field is not
available. They may crash with a NULL pointer access
if x or crl is
NULL.
The
set functions return
1 on success or 0 on failure. They fail if x is
NULL or does not contain a
validity substructure, if crl is
NULL, or if
ASN1_STRING_dup(3)
fails.
Except for some cases of ASN1_STRING_dup(3) failure, these functions do not support determining reasons for failure with ERR_get_error(3).
ASN1_TIME_set(3), X509_cmp_time(3), X509_CRL_get0_by_serial(3), X509_CRL_new(3), X509_get_subject_name(3), X509_new(3), X509_sign(3), X509_VAL_new(3), X509_verify_cert(3)
X509_get_notBefore(),
X509_get_notAfter(),
X509_set_notBefore(), and
X509_set_notAfter() first appeared in SSLeay 0.6.5
and have been available since OpenBSD 2.4.
X509_CRL_get_lastUpdate() and
X509_CRL_get_nextUpdate() first appeared in OpenSSL
0.9.2 and have been available since OpenBSD 2.6.
X509_CRL_set_lastUpdate() and
X509_CRL_set_nextUpdate() first appeared in OpenSSL
0.9.7 and have been available since OpenBSD 3.2.
The remaining functions first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.
| March 5, 2024 | openbsd |