On 3/14/11 6:04 AM, Georgi Kodinov wrote:
> On 11.03.2011, at 20:23, Davi Arnaut wrote:
>> On 3/11/11 11:23 AM, Georgi Kodinov wrote:
>>> #At file:///Users/kgeorge/mysql/work/B57648-ossl-trunk/ based
>>> 3749 Georgi Kodinov 2011-03-11 Bug #11764778: server feature
>>> request - expose ssl certificate details in show global st
>>> There was no easy way to get the expiration dates of the server's
>>> Implemented two session status variables (Ssl_server_not_before
>>> and Ssl_server_not_after) with the same scope as e.g.
>>> Ssl_verify_depth to return the two dates in YYYY-MM-DD HH:MM:SS.
>>> Extended yaSSL to implement the needed APIs to return the data
>>> correctly similar to OpenSSL. Now correctly storing and filling
>>> in the subtype to yaSSL's ASN1_TIME. Implemented a yaSSL
>>> specific extension function ASN1_TIME_decode() to take ASN1_TIME
>>> and return its building blocks in separate variables.
>>> Implemented a wrapper for openssl to do the same. Some type
>>> cleanups of some of the internal yaSSL functions. Test case
>> I don't understand why all these date related changes are needed to
>> yaSSL. It seems to me that what is needed is a common function that
>> converts an ASN1_TIME to a time_t (or a string). Am I missing
> Yes: yaSSL needs a function to extract the parsed server certificate
> first (in order to get the dates in ASN1_TIME). And in order to
> extract it, it needs to make sure it's parsed and it's stored in the
> SSL structure after being parsed (similarly to the client
The X509_get_notBefore and X509_get_notAfter do not return meaningful
values as they are implemented in yaSSL?
From what I can follow in the current code:
a) After and before dates are stored as members of the X509 class and
are set when an object of the said class is constructed.
b) The information necessary to construct an X509 object is extracted
from a certificate, which is parsed by a CertDecoder object.
c) In the CertDecoder class, the method responsible for extracting the
dates is the GetValidity method. This method is invoked whenever it
begins decoding an x509 certificate (CertDecoder::Decode).
So, the current code seems to match your definition of parsing and
storing the dates. Where in this do we lose the date information?
> certificate). As for the ASN1_TIME to string: this is how openssl
> does it, but it's not parsable in any reasonably stable way. As for
Looking at the OpenSSL implementations (depending on the ASN1_TIME type,
ASN1_UTCTIME_print or ASN1_GENERALIZEDTIME_print), it seems to pretty
Why didn't you use ASN1_TIME_print for OpenSSL?
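
The conversion this thread discusses, from a certificate's notBefore/notAfter time to a YYYY-MM-DD HH:MM:SS string, shown as an added example that is not code from the patch, yaSSL or OpenSSL. The function name `validity_to_string` and the `TAG_*` constants are hypothetical, and the input is assumed to be the raw contents of the time value in the RFC 5280 form (seconds present, trailing "Z").

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { TAG_UTCTIME = 23, TAG_GENERALIZEDTIME = 24 }; /* ASN.1 universal tags */

/* Read two ASCII digits at p; -1 if either is not a digit. */
static int two_digits(const char *p)
{
    if (!isdigit((unsigned char)p[0]) || !isdigit((unsigned char)p[1]))
        return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Hypothetical helper: raw contents of an X.509 validity time (RFC 5280
 * profile: seconds present, trailing "Z") to "YYYY-MM-DD HH:MM:SS".
 * Returns 0 on success, -1 on malformed input. */
int validity_to_string(int tag, const char *s, size_t len, char out[20])
{
    int f[5], i, year;              /* f: month, day, hour, minute, second */
    if (tag == TAG_UTCTIME && len == 13) {
        if ((year = two_digits(s)) < 0) return -1;
        year += (year >= 50) ? 1900 : 2000;     /* RFC 5280 two-digit pivot */
        s += 2;
    } else if (tag == TAG_GENERALIZEDTIME && len == 15) {
        int hi = two_digits(s), lo = two_digits(s + 2);
        if (hi < 0 || lo < 0) return -1;
        year = hi * 100 + lo;
        s += 4;
    } else {
        return -1;                              /* wrong type or length */
    }
    for (i = 0; i < 5; i++)
        if ((f[i] = two_digits(s + 2 * i)) < 0) return -1;
    if (s[10] != 'Z') return -1;                /* validity must be UTC */
    if (f[0] < 1 || f[0] > 12 || f[1] < 1 || f[1] > 31 ||
        f[2] > 23 || f[3] > 59 || f[4] > 59) return -1;
    snprintf(out, 20, "%04d-%02d-%02d %02d:%02d:%02d",
             year, f[0], f[1], f[2], f[3], f[4]);
    return 0;
}

int main(void)
{
    char buf[20];   /* sample input below is constructed, not from a real cert */
    if (validity_to_string(TAG_UTCTIME, "110311162300Z", 13, buf) == 0)
        puts(buf);
    return 0;
}
```

Rejecting malformed or non-UTC values instead of printing them as-is keeps an expiry monitor from silently comparing against a wrong date.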