NAME

X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, X509_time_adj, X509_time_adj_ex - X509 time functions

SYNOPSIS

 int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
 int X509_cmp_current_time(const ASN1_TIME *asn1_time);
 int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
                        const ASN1_TIME *start, const ASN1_TIME *end);
 ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
                             offset_sec, time_t *in_tm);

DESCRIPTION

X509_cmp_time() compares the ASN1_TIME in asn1_time with the time in <in_tm>.

X509_cmp_current_time() compares the ASN1_TIME in asn1_time with the current time, expressed as time_t.

X509_cmp_timeframe() compares the given time period with the reference time included in the verification parameters vpm if they are not NULL and contain X509_V_FLAG_USE_CHECK_TIME; else the current time is used as reference time.

X509_time_adj_ex() sets the ASN1_TIME structure asn1_time to the time offset_day and offset_sec after in_tm.

X509_time_adj() sets the ASN1_TIME structure asn1_time to the time offset_sec after in_tm. This method can only handle second offsets up to the capacity of long, so the newer X509_time_adj_ex() API should be preferred.

In both methods, if asn1_time is NULL, a new ASN1_TIME structure is allocated and returned.

In all methods, if in_tm is NULL, the current time, expressed as time_t, is used.

asn1_time must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.

BUGS

Unlike many standard comparison functions, X509_cmp_time() and X509_cmp_current_time() return 0 on error.

RETURN VALUES

X509_cmp_time() and X509_cmp_current_time() return -1 if asn1_time is earlier than, or equal to, in_tm (resp. current time), and 1 otherwise. These methods return 0 on error.

X509_cmp_timeframe() returns 0 if vpm is not NULL and the verification parameters do not contain X509_V_FLAG_USE_CHECK_TIME but do contain X509_V_FLAG_NO_CHECK_TIME. Otherwise it returns 1 if the end time is not NULL and the reference time (which has determined as stated above) is past the end time, -1 if the start time is not NULL and the reference time is before, else 0 to indicate that the reference time is in range (implying that the end time is not before the start time if both are present).

X509_time_adj() and X509_time_adj_ex() return a pointer to the updated ASN1_TIME structure, and NULL on error.

HISTORY

X509_cmp_timeframe() was added in OpenSSL 3.0.

COPYRIGHT

Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.