xref: /freebsd/crypto/openssl/doc/man3/X509_cmp_time.pod (revision e64fe029e9d3ce476e77a478318e0c3cd201ff08)
1=pod
2
3=head1 NAME
4
5X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe,
6X509_time_adj, X509_time_adj_ex, X509_gmtime_adj
7- X509 time functions
8
9=head1 SYNOPSIS
10
11 int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
12 int X509_cmp_current_time(const ASN1_TIME *asn1_time);
13 int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
14                        const ASN1_TIME *start, const ASN1_TIME *end);
15 ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
16 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
17                             offset_sec, time_t *in_tm);
18 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *asn1_time, long offset_sec);
19
20=head1 DESCRIPTION
21
22X509_cmp_time() compares the ASN1_TIME in I<asn1_time> with the time
23in <in_tm>.
24
25X509_cmp_current_time() compares the ASN1_TIME in
26I<asn1_time> with the current time, expressed as time_t.
27
28X509_cmp_timeframe() compares the given time period with the reference time
29included in the verification parameters I<vpm> if they are not NULL and contain
30B<X509_V_FLAG_USE_CHECK_TIME>; else the current time is used as reference time.
31
32X509_time_adj_ex() sets the ASN1_TIME structure I<asn1_time> to the time
33I<offset_day> and I<offset_sec> after I<in_tm>.
34
35X509_time_adj() sets the ASN1_TIME structure I<asn1_time> to the time
36I<offset_sec> after I<in_tm>. This method can only handle second
37offsets up to the capacity of long, so the newer X509_time_adj_ex()
38API should be preferred.
39
40In both methods, if I<asn1_time> is NULL, a new ASN1_TIME structure
41is allocated and returned.
42
43In all methods, if I<in_tm> is NULL, the current time, expressed as
44time_t, is used.
45
46I<asn1_time> must satisfy the ASN1_TIME format mandated by RFC 5280,
47i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
48
49X509_gmtime_adj() sets the ASN1_TIME structure I<asn1_time> to the time
50I<offset_sec> after the current time. It is equivalent to calling
51X509_time_adj() with the last parameter as NULL.
52
53=head1 BUGS
54
55Unlike many standard comparison functions, X509_cmp_time() and
56X509_cmp_current_time() return 0 on error.
57
58=head1 RETURN VALUES
59
60X509_cmp_time() and X509_cmp_current_time() return -1 if I<asn1_time>
61is earlier than, or equal to, I<in_tm> (resp. current time), and 1
62otherwise. These methods return 0 on error.
63
64X509_cmp_timeframe() returns 0 if I<vpm> is not NULL and the verification
65parameters do not contain B<X509_V_FLAG_USE_CHECK_TIME>
66but do contain B<X509_V_FLAG_NO_CHECK_TIME>. Otherwise it returns
671 if the end time is not NULL and the reference time (which has determined as
68stated above) is past the end time, -1 if the start time is not NULL and the
69reference time is before, else 0 to indicate that the reference time is in range
70(implying that the end time is not before the start time if both are present).
71
72X509_time_adj(), X509_time_adj_ex() and X509_gmtime_adj() return a pointer to
73the updated ASN1_TIME structure, and NULL on error.
74
75=head1 HISTORY
76
77X509_cmp_timeframe() was added in OpenSSL 3.0.
78
79=head1 COPYRIGHT
80
81Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
82
83Licensed under the Apache License 2.0 (the "License").  You may not use
84this file except in compliance with the License.  You can obtain a copy
85in the file LICENSE in the source distribution or at
86L<https://www.openssl.org/source/license.html>.
87
88=cut
89