Diffstat (limited to 'webrtc/base/opensslidentity.cc')
-rw-r--r-- | webrtc/base/opensslidentity.cc | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index feda6744f0..7185571102 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -96,6 +96,7 @@ static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) {
 X509* x509 = NULL;
 BIGNUM* serial_number = NULL;
 X509_NAME* name = NULL;
+ time_t epoch_off = 0; // Time offset since epoch.
 if ((x509=X509_new()) == NULL)
 goto error;
@@ -130,8 +131,8 @@ static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) {
 !X509_set_issuer_name(x509, name))
 goto error;
- if (!X509_gmtime_adj(X509_get_notBefore(x509), params.not_before) ||
- !X509_gmtime_adj(X509_get_notAfter(x509), params.not_after))
+ if (!X509_time_adj(X509_get_notBefore(x509), params.not_before, &epoch_off) ||
+ !X509_time_adj(X509_get_notAfter(x509), params.not_after, &epoch_off))
 goto error;
 if (!X509_sign(x509, pkey, EVP_sha256()))
@@ -186,7 +187,7 @@ void OpenSSLKeyPair::AddReference() {
 #endif
 }
-#ifdef _DEBUG
+#if !defined(NDEBUG)
 // Print a certificate to the log, for debugging.
 static void PrintCert(X509* x509) {
 BIO* temp_memory_bio = BIO_new(BIO_s_mem());
@@ -215,7 +216,7 @@ OpenSSLCertificate* OpenSSLCertificate::Generate(
 LogSSLErrors("Generating certificate");
 return NULL;
 }
-#ifdef _DEBUG
+#if !defined(NDEBUG)
 PrintCert(x509);
 #endif
 OpenSSLCertificate* ret = new OpenSSLCertificate(x509);
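Review bot: `X509_time_adj` takes its offset as a `long`, so in the second MakeCertificate hunk the absolute `params.not_before` / `params.not_after` values passed as the offset against `epoch_off = 0` are truncated on targets where `long` is 32 bits (LLP64 Windows, 32-bit builds) once the time exceeds 2^31 seconds; the `notAfter` of a long-lived certificate would wrap first and produce a wrong validity window. Assuming the params fields are `time_t` (their declaration is not in this diff), pass the absolute time as the base instead of the offset: `time_t nb = params.not_before;` then `X509_time_adj(X509_get_notBefore(x509), 0, &nb)`, and the same for `notAfter`. MakeCertificate starts and ends outside these hunks.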
@@ -373,6 +374,22 @@ void OpenSSLCertificate::AddReference() const {
 #endif
 }
+// Documented in sslidentity.h.
+int64_t OpenSSLCertificate::CertificateExpirationTime() const {
+ ASN1_TIME* expire_time = X509_get_notAfter(x509_);
+ bool long_format;
+
+ if (expire_time->type == V_ASN1_UTCTIME) {
+ long_format = false;
+ } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) {
+ long_format = true;
+ } else {
+ return -1;
+ }
+
+ return ASN1TimeToSec(expire_time->data, expire_time->length, long_format);
+}
+
 OpenSSLIdentity::OpenSSLIdentity(OpenSSLKeyPair* key_pair,
 OpenSSLCertificate* certificate)
 : key_pair_(key_pair), certificate_(certificate) {
@@ -401,8 +418,9 @@ OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name,
 SSLIdentityParams params;
 params.key_params = key_params;
 params.common_name = common_name;
- params.not_before = CERTIFICATE_WINDOW;
- params.not_after = CERTIFICATE_LIFETIME;
+ time_t now = time(NULL);
+ params.not_before = now + CERTIFICATE_WINDOW;
+ params.not_after = now + CERTIFICATE_LIFETIME;
 return GenerateInternal(params);
 }
|
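Review bot: `CertificateExpirationTime` returns -1 for an unexpected ASN.1 type, and whatever `ASN1TimeToSec` yields for a malformed string, but nothing at the definition says how callers must treat a negative result. If this class also wraps certificates received from a peer (not visible here), the `data`/`length` pair is remote-controlled, so I would add a comment such as `// Returns -1 if notAfter cannot be parsed; callers must treat that as expired, never as "no expiry".` and guard the dereference with `if (!expire_time) return -1;`. `ASN1TimeToSec` is defined outside this diff, so its bounds handling of the unterminated `data` buffer needs checking separately.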
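Review bot: In `OpenSSLIdentity::Generate`, `not_before` and `not_after` change meaning from offsets relative to the current time to absolute seconds since the epoch, but nothing in this diff documents that on `SSLIdentityParams`. Any other code that still fills the struct with relative values (not visible in these hunks) would now get a certificate whose validity window sits near 1970, i.e. one that is already expired. I would add `// Absolute times, in seconds since the epoch (UTC).` next to the two fields and check the remaining callers of `GenerateInternal`. The signature of `Generate` starts outside the hunk.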