Thanks, I did not know that.

On 1/28/06, Kyle Hamilton wrote:
> TZ is an environment variable. Each process gets its own environment
> that it can change at will, that is sandboxed from every other
> environment. This environment is copied to child processes at fork(),
> though an environment can be overwritten by the child of the fork()
> before it does the exec...() call.
>
> The timegm looks at the current process's environment to determine
> what delta to apply to the timeofday, by looking at the value of TZ.
> You can putenv() and getenv() yourself to modify it within your own
> code.
>
> Read the man pages for more information on how you can exploit this featu=

re.
>
> -Kyle H
>
> On 1/28/06, Joe Gluck wrote:
> > I can't change the TZ because it will affect the entire system and it
> > is a production system running on client sites, so I can't just change
> > the TZ.
> >
> > and the mktime wil return it in time_t but after converting it to local=

time.
> >
> > (The only thing that I may be can do, is load the times from the cert
> > as local time, and compare it to the current local time as well.)
> >
> > On 1/28/06, Kyle Hamilton wrote:
> > > From the Linux gnu libc timegm(3) manpage:
> > >
> > > For a portable version of timegm(), set the TZ environment variable t=

o
> > > UTC, call mktime() and restore the value of TZ.
> > >
> > > -Kyle H
> > >
> > > On 1/28/06, Dr. Stephen Henson wrote:
> > > > On Sat, Jan 28, 2006, Joe Gluck wrote:
> > > >
> > > > > My mistake it was ASN1_TIME that is correct.
> > > > >
> > > > > But any way, I don't see a reason why I should not be able to con=

vert
> > > > > it, if I don't care for milliseconds, time_t can represent times =

for
> > > > > up to 2038, so It should be ok to convert it to the time_t.
> > > > >
> > > >
> > > > An GeneralizedTime structure can represent years from 0000 to 9999.=

UtcTime
> > > > from 1950 to 2049. Either can be part of a Time structure which is =

represented
> > > > in OpenSSL as ASN1_TIME.
> > > >
> > > > The usual place such large data ranges are seen is in compliance te=

sts
> > > > though and not commonly in practice.
> > > >
> > > > Some system time routines have undefined behaviour when asked to co=

nvert out
> > > > of range value to time_t.
> > > >
> > > > > Any ideas, the ASN1_cmp_time does much more than what I need, bec=

ause
> > > > > I will be comparing at least once a second (If I check the last t=

ime
> > > > > to be at least one second earlier.) And because they are all in m=

y
> > > > > cache for hopefully lets say a year, why not convert it to time_t=

and
> > > > > just check it with > current_gmt_time ?
> > > > >
> > > >
> > > > Well the other reason is that you need the function timegm or its e=

quivalent
> > > > which is far from universally implemented.
> > > >
> > > > So if you have the equivalent to that and can sensibly do something=

for values
> > > > out of range then there's no reason you can't do that...
> > > >
> > > > Steve.
> > > > --
> > > > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> > > > OpenSSL project core developer and freelance consultant.
> > > > Funding needed! Details on homepage.
> > > > Homepage: http://www.drh-consultancy.demon.co.uk
> > > > __________________________________________________ _________________=

___
> > > > OpenSSL Project http://www.openssl.=

org
> > > > Development Mailing List openssl-dev@openssl.=

org
> > > > Automated List Manager majordomo@openssl.=

org
> > > >
> > > __________________________________________________ ___________________=

_
> > > OpenSSL Project http://www.openssl.or=

g
> > > Development Mailing List openssl-dev@openssl.or=

g
> > > Automated List Manager majordomo@openssl.or=

g
> > >

> > __________________________________________________ ____________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List openssl-dev@openssl.org
> > Automated List Manager majordomo@openssl.org
> >

> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List openssl-dev@openssl.org
> Automated List Manager majordomo@openssl.org
>

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org