From 33ab2e31f380888dc3b8d8ba7da6ded1ae51b0d5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 9 Mar 2009 13:59:07 +0000 Subject: [PATCH] PR: 1854 Submitted by: Oliver Martin Reviewed by: steve@openssl.org Support GeneralizedTime in ca utility. --- CHANGES | 3 +++ apps/ca.c | 21 ++++++++------------- crypto/asn1/a_time.c | 22 ++++++++++++++++++++++ crypto/asn1/asn1.h | 1 + 4 files changed, 34 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 695ed97479..e42b7d7838 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.8j and 0.9.9 [xx XXX xxxx] + *) Support GeneralizedTime in ca utility. + [Oliver Martin , Steve Henson] + *) Enhance the hash format used for certificate directory links. The new form uses the canonical encoding (meaning equivalent names will work even if they aren't identical) and uses SHA1 instead of MD5. This form diff --git a/apps/ca.c b/apps/ca.c index cb7bd3552b..4f236cce27 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1109,9 +1109,9 @@ bad: if (startdate == NULL) ERR_clear_error(); } - if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate)) + if (startdate && !ASN1_TIME_set_string(NULL, startdate)) { - BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n"); + BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); goto err; } if (startdate == NULL) startdate="today"; @@ -1123,9 +1123,9 @@ bad: if (enddate == NULL) ERR_clear_error(); } - if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate)) + if (enddate && !ASN1_TIME_set_string(NULL, enddate)) { - BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n"); + BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); goto err; } 
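Review bot: The start-date check in the @@ -1109 hunk now accepts the four-digit-year form for any year, because ASN1_TIME_set_string (added in crypto/asn1/a_time.c by this patch) falls back to V_ASN1_GENERALIZEDTIME whenever the UTCTime check fails and applies no year test. RFC 5280 requires certificate validity dates through 2049 to be encoded as UTCTime, so a pre-2050 date given as YYYYMMDDHHMMSSZ passes here and is later written into the certificate as GeneralizedTime, which strict verifiers may reject. The end-date check in the @@ -1123 hunk has the same gap. Consider rejecting or normalising the long form for years before 2050, and say so in the message, e.g. `"... YYMMDDHHMMSSZ, or YYYYMMDDHHMMSSZ for years 2050 and later\n"`. The enclosing function starts and ends outside both hunks.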
@@ -2007,11 +2007,11 @@ again2: if (strcmp(startdate,"today") == 0) X509_gmtime_adj(X509_get_notBefore(ret),0); - else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate); + else ASN1_TIME_set_string(X509_get_notBefore(ret),startdate); if (enddate == NULL) X509_time_adj_ex(X509_get_notAfter(ret),days, 0, NULL); - else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate); + else ASN1_TIME_set_string(X509_get_notAfter(ret),enddate); if (!X509_set_subject_name(ret,subject)) goto err; @@ -2107,7 +2107,7 @@ again2: } BIO_printf(bio_err,"Certificate is to be certified until "); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret)); + ASN1_TIME_print(bio_err,X509_get_notAfter(ret)); if (days) BIO_printf(bio_err," (%ld days)",days); BIO_printf(bio_err, "\n"); @@ -2397,12 +2397,7 @@ static int fix_data(int nid, int *type) static int check_time_format(const char *str) { - ASN1_UTCTIME tm; - - tm.data=(unsigned char *)str; - tm.length=strlen(str); - tm.type=V_ASN1_UTCTIME; - return(ASN1_UTCTIME_check(&tm)); + return ASN1_TIME_set_string(NULL, str); } static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 577e263402..576de5805a 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -173,3 +173,25 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE return ret; } + +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) + { + ASN1_TIME t; + + t.length = strlen(str); + t.data = (unsigned char *)str; + + t.type = V_ASN1_UTCTIME; + + if (!ASN1_TIME_check(&t)) + { + t.type = V_ASN1_GENERALIZEDTIME; + if (!ASN1_TIME_check(&t)) + return 0; + } + + if (s && !ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) + return 0; + + return 1; + } diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 26c3a48c6b..2c0e05ba0f 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h 
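Review bot: The return value of ASN1_TIME_set_string is discarded on both the notBefore and notAfter lines of the @@ -2007 hunk, yet the function as added in a_time.c returns 0 when ASN1_STRING_copy fails. The strings were validated at startup, so a format failure is unlikely here, but a copy failure would leave the validity field unset while certificate construction carries on. Suggest `else if (!ASN1_TIME_set_string(X509_get_notBefore(ret),startdate)) goto err;` and the same form for `enddate`, matching the `goto err` used for X509_set_subject_name just below. The enclosing function begins and ends outside this hunk.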
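Review bot: check_time_format in the @@ -2397 hunk has no comment recording that it now accepts both YYMMDDHHMMSSZ and YYYYMMDDHHMMSSZ, which widens what every caller lets through. Its callers are outside this hunk; any of them that store or compare the string assuming the 13-character UTCTime form (presumably the revocation-date handling, to be confirmed) need reviewing. Suggested comment: `/* Returns 1 if str is a valid UTCTime or GeneralizedTime string, 0 otherwise; str must not be NULL. */`.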
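Review bot: `t.flags` is never initialised in the new ASN1_TIME_set_string before the local `t` is handed to ASN1_STRING_copy. If ASN1_STRING_copy propagates the source's flags (its body is not in this patch), the destination picks up indeterminate stack contents, which can affect how the value is later encoded. Adding `t.flags = 0;` next to the `t.data` assignment closes that. Separately, `strlen(str)` is unconditional, so a NULL `str` is dereferenced; the callers in apps/ca.c guard against it, but a public function would be safer with `if (str == NULL) return 0;` at the top.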
@@ -885,6 +885,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s,time_t t, int offset_day, long offset_sec); int ASN1_TIME_check(ASN1_TIME *t); ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); int i2d_ASN1_SET(STACK_OF(BLOCK) *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag, int ex_class, -- 2.25.1
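Review bot: The new ASN1_TIME_set_string prototype is exported with no statement of its contract. From the definition in a_time.c, `s` may be NULL (validate only), `str` is passed straight to strlen and so must be a non-NULL NUL-terminated string, and the result is 1 on success and 0 on a malformed string or a failed copy. A comment above the declaration such as `/* s may be NULL to validate str only; returns 1 on success, 0 on error */` would record that for API users.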