diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2016-08-19 12:39:57 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2016-08-19 18:40:55 +0100 |
commit | 568ce3a583a17c33feacbf5028ece9f7f0680478 (patch) | |
tree | f55156e99147d3139ad974b7a9c44925982bf987 /crypto | |
parent | c4fbed6c3139726fc719a703d2195f3b6426b748 (diff) |
Constify certificate and CRL time routines.
Update certificate and CRL time routines to match new standard.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/t_crl.c | 6 | ||||
-rw-r--r-- | crypto/x509/t_x509.c | 4 | ||||
-rw-r--r-- | crypto/x509/x509_set.c | 18 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 18 | ||||
-rw-r--r-- | crypto/x509/x509cset.c | 20 |
5 files changed, 45 insertions, 21 deletions
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c index 2451ee72db..de0320d075 100644 --- a/crypto/x509/t_crl.c +++ b/crypto/x509/t_crl.c @@ -51,10 +51,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x) BIO_printf(out, "%8sIssuer: %s\n", "", p); OPENSSL_free(p); BIO_printf(out, "%8sLast Update: ", ""); - ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x)); + ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); BIO_printf(out, "\n%8sNext Update: ", ""); - if (X509_CRL_get_nextUpdate(x)) - ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x)); + if (X509_CRL_get0_nextUpdate(x)) + ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x)); else BIO_printf(out, "NONE"); BIO_printf(out, "\n"); diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c index 5d7c130d46..feeff754c3 100644 --- a/crypto/x509/t_x509.c +++ b/crypto/x509/t_x509.c @@ -129,11 +129,11 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, goto err; if (BIO_write(bp, " Not Before: ", 24) <= 0) goto err; - if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) + if (!ASN1_TIME_print(bp, X509_get0_notBefore(x))) goto err; if (BIO_write(bp, "\n Not After : ", 25) <= 0) goto err; - if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) + if (!ASN1_TIME_print(bp, X509_get0_notAfter(x))) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 3cebf6ef3b..8bf367b645 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -71,14 +71,14 @@ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm) return (in != NULL); } -int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) { if (x == NULL) return 0; return x509_set1_time(&x->cert_info.validity.notBefore, tm); } -int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) { if (x == NULL) return 0; @@ -109,7 +109,18 @@ long X509_get_version(const X509 *x) return ASN1_INTEGER_get(x->cert_info.version); } -ASN1_TIME * X509_get_notBefore(const X509 *x) +const ASN1_TIME *X509_get0_notBefore(const X509 *x) +{ + return x->cert_info.validity.notBefore; +} + +const ASN1_TIME *X509_get0_notAfter(const X509 *x) +{ + return x->cert_info.validity.notAfter; +} + +#if OPENSSL_API_COMPAT < 0x10100000L +ASN1_TIME *X509_get_notBefore(const X509 *x) { return x->cert_info.validity.notBefore; } @@ -118,6 +129,7 @@ ASN1_TIME *X509_get_notAfter(const X509 *x) { return x->cert_info.validity.notAfter; } +#endif int X509_get_signature_type(const X509 *x) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 36baeacb9d..13a9ba3c38 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -921,7 +921,7 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) else ptime = NULL; - i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); + i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime); if (i == 0) { if (!notify) return 0; @@ -936,8 +936,8 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) return 0; } - if (X509_CRL_get_nextUpdate(crl)) { - i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); + if (X509_CRL_get0_nextUpdate(crl)) { + i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime); if (i == 0) { if (!notify) @@ -979,8 +979,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, /* If current CRL is equivalent use it if it is newer */ if (crl_score == best_score) { int day, sec; - if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), - X509_CRL_get_lastUpdate(crl)) == 0) + if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl), + X509_CRL_get0_lastUpdate(crl)) == 0) continue; /* * ASN1_TIME_diff never returns inconsistent signs for |day| @@ -1646,7 +1646,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) else ptime = NULL; - i = X509_cmp_time(X509_get_notBefore(x), ptime); + i = X509_cmp_time(X509_get0_notBefore(x), ptime); if (i >= 0 && depth < 0) return 0; if (i == 0 && !verify_cb_cert(ctx, x, depth, @@ -1655,7 +1655,7 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID)) return 0; - i = X509_cmp_time(X509_get_notAfter(x), ptime); + i = X509_cmp_time(X509_get0_notAfter(x), ptime); if (i <= 0 && depth < 0) return 0; if (i == 0 && !verify_cb_cert(ctx, x, depth, @@ -1983,9 +1983,9 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) goto memerr; - if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) + if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) goto memerr; - if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) + if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) goto memerr; /* Set base CRL number: must be critical */ diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 681c43812a..205785961b 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -33,14 +33,14 @@ int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) return (X509_NAME_set(&x->crl.issuer, name)); } -int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) { if (x == NULL) return 0; return x509_set1_time(&x->crl.lastUpdate, tm); } -int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) { if (x == NULL) return 0; @@ -80,16 +80,28 @@ long X509_CRL_get_version(const X509_CRL *crl) return ASN1_INTEGER_get(crl->crl.version); } -ASN1_TIME *X509_CRL_get_lastUpdate(const X509_CRL *crl) +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl) { return crl->crl.lastUpdate; } -ASN1_TIME *X509_CRL_get_nextUpdate(const X509_CRL *crl) +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) { return crl->crl.nextUpdate; } +#if OPENSSL_API_COMPAT < 0x10100000L +ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) +{ + return crl->crl.lastUpdate; +} + +ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl) +{ + return crl->crl.nextUpdate; +} +#endif + X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl) { return crl->crl.issuer; |