diff options
author | Stephan Wurm <atomisirsi@gsklan.de> | 2023-08-09 09:07:46 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-09 20:13:31 +0200 |
commit | 8120223773d4c707dd43d9cc42a7fcab19609813 (patch) | |
tree | d6ba640c8b11135d9c6f214a507bbcbad744804f /CHANGES.md | |
parent | 4514e02cdfc96589d5e8ab0a08942fafa8e418ae (diff) |
apps: ca,req,x509: Add explicit start and end dates options
- Added options `-not_before` (start date) and `-not-after` (end date)
for explicit setting of the validity period of a certificate in the
apps `ca`, `req` and `x509`
- The new options accept time strings or "today"
- In app `ca`, use the new options as aliases of the already existing
options `-startdate` and `-enddate`
- When used in apps `req` and `x509`, the end date must be >= the start
date, in app `ca` end date < start date is also accepted
- In any case, `-not-after` overrides the `-days` option
- Added helper function `check_cert_time_string` to validate given
certificate time strings
- Use the new helper function in apps `ca`, `req` and `x509`
- Moved redundant code for time string checking into `set_cert_times`
helper function.
- Added tests for explicit start and end dates in apps `req` and `x509`
- test: Added auxiliary functions for parsing fields from `-text`
formatted output to `tconversion.pl`
- CHANGES: Added to new section 3.4
Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21716)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md index 5bbc34549e..a15321dda9 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -12,6 +12,7 @@ appropriate release branch. OpenSSL Releases ---------------- + - [OpenSSL 3.4](#openssl-34) - [OpenSSL 3.3](#openssl-33) - [OpenSSL 3.2](#openssl-32) - [OpenSSL 3.1](#openssl-31) @@ -28,7 +29,12 @@ OpenSSL 3.4 ### Changes between 3.3 and 3.4 [xx XXX xxxx] - * None yet + * Added options `-not_before` and `-not_after` for explicit setting + start and end dates of certificates created with the `req` and `x509` + apps. Added the same options also to `ca` app as alias for + `-startdate` and `-enddate` options. + + *Stephan Wurm* OpenSSL 3.3 ----------- |