diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssluse.c | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index a3cf492b9..14b926451 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -472,6 +472,53 @@ static int Store_SSL_Session(struct connectdata *conn) return 0; } +static int Curl_ASN1_UTCTIME_output(struct connectdata *conn, + const char *prefix, + ASN1_UTCTIME *tm) +{ + char *asn1_string; + int gmt=FALSE; + int i; + int year=0,month=0,day=0,hour=0,minute=0,second=0; + struct SessionHandle *data = conn->data; + + if(!data->set.verbose) + return 0; + + i=tm->length; + asn1_string=(char *)tm->data; + + if (i < 10) + return 1; + if (asn1_string[i-1] == 'Z') + gmt=TRUE; + for (i=0; i<10; i++) + if ((asn1_string[i] > '9') || (asn1_string[i] < '0')) + return 2; + + year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0'); + if (year < 50) + year+=100; + + month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0'); + if ((month > 12) || (month < 1)) + return 3; + + day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0'); + hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0'); + minute= (asn1_string[8]-'0')*10+(asn1_string[9]-'0'); + + if ( (asn1_string[10] >= '0') && (asn1_string[10] <= '9') && + (asn1_string[11] >= '0') && (asn1_string[11] <= '9')) + second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0'); + + infof(data, + "%s%04d-%02d-%02d %02d:%02d:%02d %s\n", + prefix, year+1900, month, day, hour, minute, second, (gmt?"GMT":"")); + + return 0; +} + #endif /* ====================================================== */ @@ -486,6 +533,7 @@ Curl_SSLConnect(struct connectdata *conn) char * str; SSL_METHOD *req_method; SSL_SESSION *ssl_sessionid=NULL; + ASN1_TIME *certdate; /* mark this is being ssl enabled from here on out. */ conn->ssl.use = TRUE; @@ -596,6 +644,12 @@ Curl_SSLConnect(struct connectdata *conn) infof(data, "\t subject: %s\n", str); CRYPTO_free(str); + certdate = X509_get_notBefore(conn->ssl.server_cert); + Curl_ASN1_UTCTIME_output(conn, "\t start date: ", certdate); + + certdate = X509_get_notAfter(conn->ssl.server_cert); + Curl_ASN1_UTCTIME_output(conn, "\t expire date: ", certdate); + if (data->set.ssl.verifyhost) { char peer_CN[257]; if (X509_NAME_get_text_by_NID(X509_get_subject_name(conn->ssl.server_cert), NID_commonName, peer_CN, sizeof(peer_CN)) < 0) { |