Date: Mon, 27 Apr 2009 17:08:36 +0100
From: Joe Orton
To: dev@httpd.apache.org
Subject: Re: svn commit: r760866 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_ssl.xml modules/proxy/mod_proxy_http.c modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_io.c modules/ssl/ssl_private.h

On Wed, Apr 01, 2009 at 12:07:49PM -0000, rpluem@apache.org wrote:
> Author: rpluem
> Date: Wed Apr 1 12:07:47 2009
> New Revision: 760866
>
> URL: http://svn.apache.org/viewvc?rev=760866&view=rev
> Log: ...
> + if (sc->proxy_ssl_check_peer_expire == SSL_ENABLED_TRUE) { > + apr_time_t start_time; > + apr_time_t end_time; > + apr_time_t now; > + > + start_time = parseASN1time(c->pool, > + ssl_var_lookup(NULL, c->base_server, > + c, NULL, > + "SSL_CLIENT_V_START")); > + end_time = parseASN1time(c->pool, > + ssl_var_lookup(NULL, c->base_server, > + c, NULL, > + "SSL_CLIENT_V_END"));

You can (and should) use X509_get_notBefore(), X509_get_notAfter() to get the end/start times from sslconn->client_cert; can check for expiry using X509_cmp_current_time() on the returned values. Should require 1 less ASN.1 date parser!

Also maybe default these to "on" for the trunk?

Sorry, I'm about a month behind on reading svn commits now :(

Joe
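
Review bot: in the quoted hunk, the results of the two ssl_var_lookup() calls for "SSL_CLIENT_V_START" and "SSL_CLIENT_V_END" go straight into parseASN1time() with no visible check that the lookup returned a usable string or that the parse succeeded. The quote ends before start_time, end_time and now are compared, so please confirm that a missing or unparsable validity value makes the proxy_ssl_check_peer_expire check fail rather than pass. A short comment explaining why a check named for the peer reads the SSL_CLIENT_* variables would also help readers of this block.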