[openssl/openssl] 812022: apps: ca,req,x509: Add explicit start and end date...

Stephan Wurm noreply at github.com
Tue Apr 9 18:15:58 UTC 2024 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 8120223773d4c707dd43d9cc42a7fcab19609813
      https://github.com/openssl/openssl/commit/8120223773d4c707dd43d9cc42a7fcab19609813
  Author: Stephan Wurm <atomisirsi at gsklan.de>
  Date:   2024-04-09 (Tue, 09 Apr 2024)

  Changed paths:
    M CHANGES.md
    M apps/ca.c
    M apps/include/apps.h
    M apps/lib/apps.c
    M apps/req.c
    M apps/x509.c
    M doc/man1/openssl-ca.pod.in
    M doc/man1/openssl-req.pod.in
    M doc/man1/openssl-x509.pod.in
    M test/recipes/25-test_req.t
    M test/recipes/25-test_x509.t
    M test/recipes/tconversion.pl

  Log Message:
  -----------
  apps: ca,req,x509: Add explicit start and end dates options

- Added options `-not_before` (start date) and `-not-after` (end date)
  for explicit setting of the validity period of a certificate in the
  apps `ca`, `req` and `x509`
- The new options accept time strings or "today"
- In app `ca`, use the new options as aliases of the already existing
  options `-startdate` and `-enddate`
- When used in apps `req` and `x509`, the end date must be >= the start
  date, in app `ca` end date < start date is also accepted
- In any case, `-not-after` overrides the `-days` option
- Added helper function `check_cert_time_string` to validate given
  certificate time strings
- Use the new helper function in apps `ca`, `req` and `x509`
- Moved redundant code for time string checking into `set_cert_times`
  helper function.
- Added tests for explicit start and end dates in apps `req` and `x509`
- test: Added auxiliary functions for parsing fields from `-text`
  formatted output to `tconversion.pl`
- CHANGES: Added to new section 3.4

Signed-off-by: Stephan Wurm <atomisirsi at gsklan.de>

Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21716)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications

More information about the openssl-commits mailing list