[openssl-users] Not Before and Not After Date format for openssl API X509_gmtime_adj
Victor Wagner
vitus at wagner.pp.ru
Mon Jul 13 10:22:13 UTC 2015
On Mon, 13 Jul 2015 12:25:40 +0530
Nayna Jain <naynjain at in.ibm.com> wrote:
>
> Hi all,
>
> I am programmatically generating the self signed certificate and need
> to specify the "Not Before" and "Not After" date,
>
> Wanted to understand what all formats are acceptable by this API ?
X509_set_notAfter and X509_set_notBefore API expect ASN1_TIME structure.
You can use ASN1_TIME_set function to fill this structure. It expects
integer time_t value.
X509_cmp_time also expects integer time_t value.
So integer number of seconds since the beginning of the epoch (1.1.1970
GMT) is everything you need.
There is also ASN1_TINE_set_string function, which does deal with some
datetime format, but I suggest never use it. Use C runtime library
function strptime, which allows to specify format explicitely or mktime
to prepare time_t value from the user input. And use OpenSSL
ASN1_TIME_print function to convert ASN1_TIME to human-readble form.
>
> Also, similarly while using API , what exactly is the time format
> expected by X509_cmp_time(X509_get_notAfter(iv_pX509), .......);
>
> Thanks & Regards,
> Nayna Jain
More information about the openssl-users
mailing list