aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/ssluse.c54
1 files changed, 54 insertions, 0 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index a3cf492b9..14b926451 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -472,6 +472,53 @@ static int Store_SSL_Session(struct connectdata *conn)
return 0;
}
+static int Curl_ASN1_UTCTIME_output(struct connectdata *conn,
+ const char *prefix,
+ ASN1_UTCTIME *tm)
+{
+ char *asn1_string;
+ int gmt=FALSE;
+ int i;
+ int year=0,month=0,day=0,hour=0,minute=0,second=0;
+ struct SessionHandle *data = conn->data;
+
+ if(!data->set.verbose)
+ return 0;
+
+ i=tm->length;
+ asn1_string=(char *)tm->data;
+
+ if (i < 10)
+ return 1;
+ if (asn1_string[i-1] == 'Z')
+ gmt=TRUE;
+ for (i=0; i<10; i++)
+ if ((asn1_string[i] > '9') || (asn1_string[i] < '0'))
+ return 2;
+
+ year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
+ if (year < 50)
+ year+=100;
+
+ month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
+ if ((month > 12) || (month < 1))
+ return 3;
+
+ day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
+ hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
+ minute= (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
+
+ if ( (asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
+ (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
+ second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
+
+ infof(data,
+ "%s%04d-%02d-%02d %02d:%02d:%02d %s\n",
+ prefix, year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
+
+ return 0;
+}
+
#endif
/* ====================================================== */
@@ -486,6 +533,7 @@ Curl_SSLConnect(struct connectdata *conn)
char * str;
SSL_METHOD *req_method;
SSL_SESSION *ssl_sessionid=NULL;
+ ASN1_TIME *certdate;
/* mark this is being ssl enabled from here on out. */
conn->ssl.use = TRUE;
@@ -596,6 +644,12 @@ Curl_SSLConnect(struct connectdata *conn)
infof(data, "\t subject: %s\n", str);
CRYPTO_free(str);
+ certdate = X509_get_notBefore(conn->ssl.server_cert);
+ Curl_ASN1_UTCTIME_output(conn, "\t start date: ", certdate);
+
+ certdate = X509_get_notAfter(conn->ssl.server_cert);
+ Curl_ASN1_UTCTIME_output(conn, "\t expire date: ", certdate);
+
if (data->set.ssl.verifyhost) {
char peer_CN[257];
if (X509_NAME_get_text_by_NID(X509_get_subject_name(conn->ssl.server_cert), NID_commonName, peer_CN, sizeof(peer_CN)) < 0) {