httpd-dev mailing list archives

From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject Re: svn commit: r760866 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml modules/proxy/mod_proxy_http.c modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_private.h
Date Wed, 29 Apr 2009 16:18:50 GMT
 

> -----Original Message-----
> From: Joe Orton 
> Sent: Monday, 27 April 2009 18:09
> To: dev@httpd.apache.org
> Subject: Re: svn commit: r760866 - in /httpd/httpd/trunk: 
> CHANGES docs/manual/mod/mod_ssl.xml 
> modules/proxy/mod_proxy_http.c modules/ssl/mod_ssl.c 
> modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_io.c 
> modules/ssl/ssl_private.h
> 
> On Wed, Apr 01, 2009 at 12:07:49PM -0000, rpluem@apache.org wrote:
> > Author: rpluem
> > Date: Wed Apr  1 12:07:47 2009
> > New Revision: 760866
> > 
> > URL: http://svn.apache.org/viewvc?rev=760866&view=rev
> > Log:
> ...
> > +        if (sc->proxy_ssl_check_peer_expire == SSL_ENABLED_TRUE) {
> > +            apr_time_t start_time;
> > +            apr_time_t end_time;
> > +            apr_time_t now;
> > +
> > +            start_time = parseASN1time(c->pool,
> > +                                       
> ssl_var_lookup(NULL, c->base_server,
> > +                                                      c, NULL,
> > +                                                      
> "SSL_CLIENT_V_START"));
> > +            end_time = parseASN1time(c->pool,
> > +                                     ssl_var_lookup(NULL, 
> c->base_server,
> > +                                                    c, NULL,
> > +                                                    
> "SSL_CLIENT_V_END"));
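
Review bot: both parseASN1time() calls take the ssl_var_lookup() result directly, and nothing between the lookup and the parse checks for a missing or empty SSL_CLIENT_V_START / SSL_CLIENT_V_END value. Make sure a failed lookup or an unparsable date causes the peer to be rejected rather than producing a time that compares as valid. A short comment saying why the SSL_CLIENT_V_* variables are the ones consulted under proxy_ssl_check_peer_expire would also help the next reader.
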
> 
> You can (and should) use X509_get_notBefore(), X509_get_notAfter() to 
> get the end/start times from sslconn->client_cert; can check for expiry 
> using X509_cmp_current_time() on the returned values.  Should require 1 
> less ASN.1 date parser!

Done in r769809. Please crosscheck.

> 
> Also maybe default these to "on" for the trunk?
> 

Done in r769815.

Regards

Rüdiger
