On 13/07/2015 12:22, Victor Wagner wrote: > On Mon, 13 Jul 2015 12:25:40 +0530 > Nayna Jain <naynjain at in.ibm.com> wrote: > >> Hi all, >> >> I am programmatically generating the self signed certificate and need >> to specify the "Not Before" and "Not After" date, >> >> Wanted to understand what all formats are acceptable by this API ? > X509_set_notAfter and X509_set_notBefore API expect ASN1_TIME structure. > You can use ASN1_TIME_set function to fill this structure. It expects > integer time_t value. > > X509_cmp_time also expects integer time_t value. > > So integer number of seconds since the beginning of the epoch (1.1.1970 > GMT) is everything you need. > > There is also ASN1_TINE_set_string function, which does deal with some > datetime format, but I suggest never use it. Use C runtime library > function strptime, which allows to specify format explicitely or mktime > to prepare time_t value from the user input. And use OpenSSL > ASN1_TIME_print function to convert ASN1_TIME to human-readble form. Does ASN1_TIME_set_string() support dates outside the time_t range of the local libc? This is important when creating root certs with expiry dates after 2038 (specifically, any time >= epoch+2**31). It is also important when creating self-signed Android apk signing certificates (which /must/ be valid for at least 30 years). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
