httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r760866 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml modules/proxy/mod_proxy_http.c modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_private.h
Date Mon, 27 Apr 2009 16:08:36 GMT
On Wed, Apr 01, 2009 at 12:07:49PM -0000, rpluem@apache.org wrote:
> Author: rpluem
> Date: Wed Apr  1 12:07:47 2009
> New Revision: 760866
> 
> URL: http://svn.apache.org/viewvc?rev=760866&view=rev
> Log:
...
> +        if (sc->proxy_ssl_check_peer_expire == SSL_ENABLED_TRUE) {
> +            apr_time_t start_time;
> +            apr_time_t end_time;
> +            apr_time_t now;
> +
> +            start_time = parseASN1time(c->pool,
> +                                       ssl_var_lookup(NULL, c->base_server,
> +                                                      c, NULL,
> +                                                      "SSL_CLIENT_V_START"));
> +            end_time = parseASN1time(c->pool,
> +                                     ssl_var_lookup(NULL, c->base_server,
> +                                                    c, NULL,
> +                                                    "SSL_CLIENT_V_END"));
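
Review bot: Both ssl_var_lookup() results are passed straight into parseASN1time() in the nested calls that set start_time and end_time, with no check in these lines for a missing or empty value. Test each lookup result before parsing it, and treat a missing "SSL_CLIENT_V_START" or "SSL_CLIENT_V_END" as a failed peer check rather than letting the parser decide. A one-line comment would also help on why SSL_CLIENT_* variables are read under proxy_ssl_check_peer_expire, since the names read as client-certificate values.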

You can (and should) use X509_get_notBefore(), X509_get_notAfter() to 
get the end/start times from sslconn->client_cert; can check for expiry 
using X509_cmp_current_time() on the returned values.  Should require 1 
less ASN.1 date parser!

Also maybe default these to "on" for the trunk?

Sorry, I'm about a month behind on reading svn commits now :(

Joe
