Hi All,

I am facing a problem with the "check_cert_time" function in the OpenSSL
library. I am trying to handle X509_V_ERR_CERT_NOT_YET_VALID and
X509_V_ERR_CERT_NOT_YET_VALID errors. I am trying to simulate these errors
with an expired certificate and a certificate that is not yet valid. The
problem here is that I am always getting the error "certificate is not yet
valid". I am not able to get the error "certificate has expired".

I checked the function "check_cert_time".

static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
{
    time_t *ptime;
    int i;

    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
        ptime = &ctx->param->check_time;
    else
        ptime = NULL;

    i = X509_cmp_time(X509_get_notBefore(x), ptime);
    if (i == 0)
    {
        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
        ctx->current_cert = x;
        if (!ctx->verify_cb(0, ctx))
            return 0;
    }

    if (i > 0)
    {
        ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
        ctx->current_cert = x;
        if (!ctx->verify_cb(0, ctx))
            return 0;
    }

    i = X509_cmp_time(X509_get_notAfter(x), ptime);
    if (i == 0)
    {
        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
        ctx->current_cert = x;
        if (!ctx->verify_cb(0, ctx))
            return 0;
    }

    if (i < 0)
    {
        ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
        ctx->current_cert = x;
        if (!ctx->verify_cb(0, ctx))
            return 0;
    }

    return 1;
}

Here the value of i is always 1. Hence I am not able to simulate
X509_V_ERR_CERT_HAS_EXPIRED. Here "ctx->param->check_time" is set by
another function, "X509_VERIFY_PARAM_set_time".
The function "X509_STORE_CTX_set_time" invokes "X509_VERIFY_PARAM_set_time".

I wanted to know how the "X509_STORE_CTX_set_time" function is invoked and
where it will be invoked. I am not able to find any information by
browsing the code.


Thanks and Regards,
Jaya

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org