Allow UTCTIME objects to be retrieved. Check for imminent cert expiry.
diff --git a/apps/x509.c b/apps/x509.c
index 5403576..0184c62 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -113,6 +113,8 @@
" -addreject arg - reject certificate for a given purpose\n",
" -setalias arg - set certificate alias\n",
" -days arg - How long till expiry of a signed certificate - def 30 days\n",
+" -checkend arg - check whether the cert expires in the next arg seconds\n",
+" exit 1 if so, 0 if not\n",
" -signkey arg - self sign cert with arg\n",
" -x509toreq - output a certification request object\n",
" -req - input is a certificate request, sign and output.\n",
@@ -173,6 +175,7 @@
LHASH *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
+ int checkend=0,checkoffset=0;
reqfile=0;
@@ -353,6 +356,12 @@
startdate= ++num;
else if (strcmp(*argv,"-enddate") == 0)
enddate= ++num;
+ else if (strcmp(*argv,"-checkend") == 0)
+ {
+ if (--argc < 1) goto bad;
+ checkoffset=atoi(*(++argv));
+ checkend=1;
+ }
else if (strcmp(*argv,"-noout") == 0)
noout= ++num;
else if (strcmp(*argv,"-trustout") == 0)
@@ -839,6 +848,24 @@
}
}
+ if(checkend)
+ {
+ time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));
+ time_t tnow=time(NULL);
+
+ if(tnow+checkoffset > t)
+ {
+ BIO_printf(out,"Certificate will expire\n");
+ ret=1;
+ }
+ else
+ {
+ BIO_printf(out,"Certificate will not expire\n");
+ ret=0;
+ }
+ goto end;
+ }
+
if (noout)
{
ret=0;
