1dea77ea6SJung-uk Kim=pod 2dea77ea6SJung-uk Kim 3dea77ea6SJung-uk Kim=head1 NAME 4dea77ea6SJung-uk Kim 5*b077aed3SPierre ProncheryX509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe, 6*b077aed3SPierre ProncheryX509_time_adj, X509_time_adj_ex, X509_gmtime_adj 7e71b7053SJung-uk Kim- X509 time functions 8dea77ea6SJung-uk Kim 9dea77ea6SJung-uk Kim=head1 SYNOPSIS 10dea77ea6SJung-uk Kim 11e71b7053SJung-uk Kim int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); 12e71b7053SJung-uk Kim int X509_cmp_current_time(const ASN1_TIME *asn1_time); 13*b077aed3SPierre Pronchery int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm, 14*b077aed3SPierre Pronchery const ASN1_TIME *start, const ASN1_TIME *end); 15e71b7053SJung-uk Kim ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); 16e71b7053SJung-uk Kim ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long 17e71b7053SJung-uk Kim offset_sec, time_t *in_tm); 18*b077aed3SPierre Pronchery ASN1_TIME *X509_gmtime_adj(ASN1_TIME *asn1_time, long offset_sec); 19dea77ea6SJung-uk Kim 20dea77ea6SJung-uk Kim=head1 DESCRIPTION 21dea77ea6SJung-uk Kim 22*b077aed3SPierre ProncheryX509_cmp_time() compares the ASN1_TIME in I<asn1_time> with the time 23*b077aed3SPierre Proncheryin <in_tm>. 24dea77ea6SJung-uk Kim 25*b077aed3SPierre ProncheryX509_cmp_current_time() compares the ASN1_TIME in 26*b077aed3SPierre ProncheryI<asn1_time> with the current time, expressed as time_t. 27dea77ea6SJung-uk Kim 28*b077aed3SPierre ProncheryX509_cmp_timeframe() compares the given time period with the reference time 29*b077aed3SPierre Proncheryincluded in the verification parameters I<vpm> if they are not NULL and contain 30*b077aed3SPierre ProncheryB<X509_V_FLAG_USE_CHECK_TIME>; else the current time is used as reference time. 31*b077aed3SPierre Pronchery 32*b077aed3SPierre ProncheryX509_time_adj_ex() sets the ASN1_TIME structure I<asn1_time> to the time 33*b077aed3SPierre ProncheryI<offset_day> and I<offset_sec> after I<in_tm>. 34*b077aed3SPierre Pronchery 35*b077aed3SPierre ProncheryX509_time_adj() sets the ASN1_TIME structure I<asn1_time> to the time 36*b077aed3SPierre ProncheryI<offset_sec> after I<in_tm>. This method can only handle second 37e71b7053SJung-uk Kimoffsets up to the capacity of long, so the newer X509_time_adj_ex() 38e71b7053SJung-uk KimAPI should be preferred. 39e71b7053SJung-uk Kim 40*b077aed3SPierre ProncheryIn both methods, if I<asn1_time> is NULL, a new ASN1_TIME structure 41e71b7053SJung-uk Kimis allocated and returned. 42e71b7053SJung-uk Kim 43*b077aed3SPierre ProncheryIn all methods, if I<in_tm> is NULL, the current time, expressed as 44e71b7053SJung-uk Kimtime_t, is used. 45dea77ea6SJung-uk Kim 46*b077aed3SPierre ProncheryI<asn1_time> must satisfy the ASN1_TIME format mandated by RFC 5280, 47*b077aed3SPierre Proncheryi.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ. 48*b077aed3SPierre Pronchery 49*b077aed3SPierre ProncheryX509_gmtime_adj() sets the ASN1_TIME structure I<asn1_time> to the time 50*b077aed3SPierre ProncheryI<offset_sec> after the current time. It is equivalent to calling 51*b077aed3SPierre ProncheryX509_time_adj() with the last parameter as NULL. 52*b077aed3SPierre Pronchery 53dea77ea6SJung-uk Kim=head1 BUGS 54dea77ea6SJung-uk Kim 55e71b7053SJung-uk KimUnlike many standard comparison functions, X509_cmp_time() and 56e71b7053SJung-uk KimX509_cmp_current_time() return 0 on error. 57dea77ea6SJung-uk Kim 58dea77ea6SJung-uk Kim=head1 RETURN VALUES 59dea77ea6SJung-uk Kim 60*b077aed3SPierre ProncheryX509_cmp_time() and X509_cmp_current_time() return -1 if I<asn1_time> 61*b077aed3SPierre Proncheryis earlier than, or equal to, I<in_tm> (resp. current time), and 1 62e71b7053SJung-uk Kimotherwise. These methods return 0 on error. 63e71b7053SJung-uk Kim 64*b077aed3SPierre ProncheryX509_cmp_timeframe() returns 0 if I<vpm> is not NULL and the verification 65*b077aed3SPierre Proncheryparameters do not contain B<X509_V_FLAG_USE_CHECK_TIME> 66*b077aed3SPierre Proncherybut do contain B<X509_V_FLAG_NO_CHECK_TIME>. Otherwise it returns 67*b077aed3SPierre Pronchery1 if the end time is not NULL and the reference time (which has determined as 68*b077aed3SPierre Proncherystated above) is past the end time, -1 if the start time is not NULL and the 69*b077aed3SPierre Proncheryreference time is before, else 0 to indicate that the reference time is in range 70*b077aed3SPierre Pronchery(implying that the end time is not before the start time if both are present). 71*b077aed3SPierre Pronchery 72*b077aed3SPierre ProncheryX509_time_adj(), X509_time_adj_ex() and X509_gmtime_adj() return a pointer to 73*b077aed3SPierre Proncherythe updated ASN1_TIME structure, and NULL on error. 74*b077aed3SPierre Pronchery 75*b077aed3SPierre Pronchery=head1 HISTORY 76*b077aed3SPierre Pronchery 77*b077aed3SPierre ProncheryX509_cmp_timeframe() was added in OpenSSL 3.0. 78dea77ea6SJung-uk Kim 79dea77ea6SJung-uk Kim=head1 COPYRIGHT 80dea77ea6SJung-uk Kim 81*b077aed3SPierre ProncheryCopyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. 82dea77ea6SJung-uk Kim 83*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 84dea77ea6SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 85dea77ea6SJung-uk Kimin the file LICENSE in the source distribution or at 86dea77ea6SJung-uk KimL<https://www.openssl.org/source/license.html>. 87dea77ea6SJung-uk Kim 88dea77ea6SJung-uk Kim=cut 89