implement -attime option as a verify parameter then it works with all relevant applications

author: Dr. Stephen Henson <steve@openssl.org> 2011-12-10 00:37:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-12-10 00:37:42 +0000
commit: f2e590942ea405638e7424a91fecd1e14efae3c4 (patch)
tree: b45d424c5f1ee55c39a359b6fb47de36eb3bc3e9
parent: 6a4b87eb9d4642fe66e1070066aadcdbff7b8525 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/apps/apps.c b/apps/apps.c
index b346558d2c..22ef53a9e8 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2256,6 +2256,7 @@ int args_verify(char ***pargs, int *pargc,
 	int purpose = 0, depth = -1;
 	char **oldargs = *pargs;
 	char *arg = **pargs, *argn = (*pargs)[1];
+	time_t at_time = 0;
 	if (!strcmp(arg, "-policy"))
 		{
 		if (!argn)
@@ -2308,6 +2309,27 @@ int args_verify(char ***pargs, int *pargc,
 			}
 		(*pargs)++;
 		}
+	else if (strcmp(arg,"-attime") == 0)
+		{
+		if (!argn)
+			*badarg = 1;
+		else
+			{
+			long timestamp;
+			/* interpret the -attime argument as seconds since
+			 * Epoch */
+			if (sscanf(argn, "%li", &timestamp) != 1)
+				{
+				BIO_printf(bio_err,
+						"Error parsing timestamp %s\n",
+					   	argn);
+				*badarg = 1;
+				}
+			/* on some platforms time_t may be a float */
+			at_time = (time_t) timestamp;
+			}
+		(*pargs)++;
+		}
 	else if (!strcmp(arg, "-ignore_critical"))
 		flags |= X509_V_FLAG_IGNORE_CRITICAL;
 	else if (!strcmp(arg, "-issuer_checks"))
@@ -2362,6 +2384,9 @@ int args_verify(char ***pargs, int *pargc,
 	if (depth >= 0)
 		X509_VERIFY_PARAM_set_depth(*pm, depth);
 
+	if (at_time) 
+		X509_VERIFY_PARAM_set_time(*pm, at_time);
+
 	end:
 
 	(*pargs)++;
author	Dr. Stephen Henson <steve@openssl.org>	2011-12-10 00:37:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-12-10 00:37:42 +0000
commit	f2e590942ea405638e7424a91fecd1e14efae3c4 (patch)
tree	b45d424c5f1ee55c39a359b6fb47de36eb3bc3e9
parent	6a4b87eb9d4642fe66e1070066aadcdbff7b8525 (diff)