Use X509_cmp_time() in -checkend option, to support GeneralizedTime.

author Dr. Stephen Henson <steve@openssl.org>

Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)
diff --git a/apps/x509.c b/apps/x509.c

index 167b94f85f6277d6e0395a0a4a0372a9bc4208fb..7a998523c77dfbc5e8427dab194dc151ada5d82c 100644 (file)
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -974,9 +974,9 @@ bad:
  
         if (checkend)
                 {
-               time_t tnow=time(NULL);
+               time_t tcheck=time(NULL) + checkoffset;
  
-               if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
+               if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
                         {
                         BIO_printf(out,"Certificate will expire\n");
                         ret=1;
author	Dr. Stephen Henson <steve@openssl.org>
	Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Sun, 5 Dec 2004 18:26:48 +0000 (18:26 +0000)