From: <msj...@gm...> - 2004-08-08 12:02:38
On Fri, 6 Aug 2004 10:54:37 -0400, Mihai Ibanescu <mi...@re...> wrote:
> On a slightly related note.
> I cannot seem to be able to retrieve notBefore and notAfter from an X509 cert.
> I suppose that would be a good thing to add, wouldn't it?
> (I found how to set them, but not how to retrieve them).

Well, ASN1_TIME in openssl is something of a mess. There's no good way to turn it into e.g. a time_t that could make sense in a python program. From what I understand of the code, you can basically do the following with an ASN1_TIME:

* print it (ASN1_TIME_print / ASN1_UTCTIME_print)
* set/adjust it (ASN1_TIME_set / X509_time_adj / X509_gmtime_adj / ...)
* compare it (ASN1_UTCTIME_cmp_time_t)

The X509.has_expired method compares the notAfter value to "now".

I'm not sure what makes sense to do here. I suppose we could add some sort of print_notBefore/print_notAfter methods to X509. Another idea would be to add a wrapper type for ASN1_TIME (crypto.ASN1Time? asn1.Time?) that could have a __str__ for the printing, and some comparison methods...

I'm loath to do anything dramatic though, since I'm trying to get a new version out the door before Debian sarge is released. ;-)

Ideas and suggestions are most welcome.

/Martin
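Added example, not part of the original message and not pyOpenSSL code: the two ASN.1 time encodings an X.509 validity field can carry (UTCTime and GeneralizedTime), parsed in pure Python into datetime values, with a has_expired-style comparison on notAfter. The function names and sample values are constructed for this illustration, and it assumes the raw time string is available in the RFC 5280 form (seconds present, trailing "Z").

```python
from datetime import datetime, timezone


def parse_asn1_time(raw):
    """Parse an RFC 5280 UTCTime or GeneralizedTime string into an aware datetime.

    Hypothetical helper for this example; not a pyOpenSSL or OpenSSL function.
    """
    if isinstance(raw, bytes):
        raw = raw.decode("ascii")
    if not raw.endswith("Z"):
        raise ValueError("only the UTC ('Z') form is accepted: %r" % raw)
    digits = raw[:-1]
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("non-digit characters in time: %r" % raw)
    if len(digits) == 12:
        # UTCTime: YYMMDDHHMMSS. RFC 5280 pivot: 50-99 -> 19YY, 00-49 -> 20YY.
        yy = int(digits[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy
        rest = digits[2:]
    elif len(digits) == 14:
        # GeneralizedTime: YYYYMMDDHHMMSS.
        year = int(digits[:4])
        rest = digits[4:]
    else:
        raise ValueError("unexpected time length: %r" % raw)
    month, day, hour, minute, second = (
        int(rest[i:i + 2]) for i in range(0, 10, 2)
    )
    # datetime() rejects out-of-range fields (month 13, hour 24, ...).
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def has_expired(not_after, now=None):
    """True when 'now' is later than notAfter."""
    if now is None:
        now = datetime.now(timezone.utc)
    return now > parse_asn1_time(not_after)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real certificate.
    for label, value in (("notBefore", "040808120238Z"),
                         ("notAfter", "20500101000000Z")):
        print(label, parse_asn1_time(value).isoformat())
    print("expired:", has_expired("20500101000000Z"))
```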