blob: 73ef9e3fbc5c7195a027cd02cbf6128e973d5a23 [file] [log] [blame]
=pod
=head1 NAME
X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe,
X509_time_adj, X509_time_adj_ex
- X509 time functions
=head1 SYNOPSIS
int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
int X509_cmp_current_time(const ASN1_TIME *asn1_time);
int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
const ASN1_TIME *start, const ASN1_TIME *end);
ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
offset_sec, time_t *in_tm);
=head1 DESCRIPTION
X509_cmp_time() compares the ASN1_TIME in B<asn1_time> with the time
in <in_tm>.
X509_cmp_current_time() compares the ASN1_TIME in
B<asn1_time> with the current time, expressed as time_t.
X509_cmp_timeframe() compares the given time period with the reference time
included in the verification parameters B<vpm> if they are not NULL and contain
B<X509_V_FLAG_USE_CHECK_TIME>; else the current time is used as reference time.
X509_time_adj_ex() sets the ASN1_TIME structure B<asn1_time> to the time
B<offset_day> and B<offset_sec> after B<in_tm>.
X509_time_adj() sets the ASN1_TIME structure B<asn1_time> to the time
B<offset_sec> after B<in_tm>. This method can only handle second
offsets up to the capacity of long, so the newer X509_time_adj_ex()
API should be preferred.
In both methods, if B<asn1_time> is NULL, a new ASN1_TIME structure
is allocated and returned.
In all methods, if B<in_tm> is NULL, the current time, expressed as
time_t, is used.
B<asn1_time> must satisfy the ASN1_TIME format mandated by RFC 5280,
i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
=head1 BUGS
Unlike many standard comparison functions, X509_cmp_time() and
X509_cmp_current_time() return 0 on error.
=head1 RETURN VALUES
X509_cmp_time() and X509_cmp_current_time() return -1 if B<asn1_time>
is earlier than, or equal to, B<in_tm> (resp. current time), and 1
otherwise. These methods return 0 on error.
X509_cmp_timeframe() returns 0 if B<vpm> is not NULL and the verification
parameters do not contain B<X509_V_FLAG_USE_CHECK_TIME>
but do contain B<X509_V_FLAG_NO_CHECK_TIME>. Otherwise it returns
1 if the end time is not NULL and the reference time (which has determined as
stated above) is past the end time, -1 if the start time is not NULL and the
reference time is before, else 0 to indicate that the reference time is in range
(implying that the end time is not before the start time if both are present).
X509_time_adj() and X509_time_adj_ex() return a pointer to the updated
ASN1_TIME structure, and NULL on error.
=head1 HISTORY
X509_cmp_timeframe() was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut