NAME¶

X509_get0_notBefore, X509_get0_notAfter, X509_getm_notBefore, X509_getm_notAfter, X509_get_notBefore, X509_get_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_get_lastUpdate, X509_CRL_get_nextUpdate, X509_set1_notBefore, X509_set1_notAfter, X509_set_notBefore, X509_set_notAfter, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate, X509_CRL_set_lastUpdate, X509_CRL_set_nextUpdate — get and set certificate and CRL validity dates

SYNOPSIS¶

#include <openssl/x509.h>

const ASN1_TIME *
X509_get0_notBefore(const X509 *x);

const ASN1_TIME *
X509_get0_notAfter(const X509 *x);

ASN1_TIME *
X509_getm_notBefore(const X509 *x);

ASN1_TIME *
X509_getm_notAfter(const X509 *x);

ASN1_TIME *
X509_get_notBefore(const X509 *x);

ASN1_TIME *
X509_get_notAfter(const X509 *x);

const ASN1_TIME *
X509_CRL_get0_lastUpdate(const X509_CRL *crl);

const ASN1_TIME *
X509_CRL_get0_nextUpdate(const X509_CRL *crl);

ASN1_TIME *
X509_CRL_get_lastUpdate(X509_CRL *crl);

ASN1_TIME *
X509_CRL_get_nextUpdate(X509_CRL *crl);

int
X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);

int
X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);

int
X509_set_notBefore(X509 *x, const ASN1_TIME *tm);

int
X509_set_notAfter(X509 *x, const ASN1_TIME *tm);

int
X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);

int
X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);

int
X509_CRL_set_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);

int
X509_CRL_set_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);

DESCRIPTION¶

X509_getm_notBefore() and X509_getm_notAfter() return pointers to the notBefore and notAfter fields of the validity period of the certificate x, respectively. X509_get_notBefore() and X509_get_notAfter() are deprecated aliases implemented as macros.

X509_get0_notBefore() and X509_get0_notAfter() are identical except for the const qualifier on the return type.

X509_CRL_get0_lastUpdate() is misnamed in a confusing way: it returns a pointer to the thisUpdate field of the crl, indicating the time when this crl was issued.

X509_CRL_get0_nextUpdate() returns a pointer to the nextUpdate field of the crl, indicating the time when issuing the subsequent CRL will be due.

X509_CRL_get_lastUpdate() and X509_CRL_get_nextUpdate() are deprecated and identical except for the const qualifier on the argument and on the return type.

X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate(), and X509_CRL_set1_nextUpdate() set the notBefore, notAfter, thisUpdate (sic!), or nextUpdate field of x or crl, respectively, to a deep copy of tm and free the ASN1_TIME value that they replace.

X509_set_notBefore(), X509_set_notAfter(), X509_CRL_set_lastUpdate(), and X509_CRL_set_nextUpdate() are deprecated aliases.

RETURN VALUES¶

The get functions return internal pointers which must not be freed by the application, or NULL if the requested field is not available. They may crash with a NULL pointer access if x or crl is NULL.

The set functions return 1 on success or 0 on failure. They fail if x is NULL or does not contain a validity substructure, if crl is NULL, or if ASN1_STRING_dup(3) fails.

Except for some cases of ASN1_STRING_dup(3) failure, these functions do not support determining reasons for failure with ERR_get_error(3).

SEE ALSO¶

ASN1_TIME_set(3), X509_cmp_time(3), X509_CRL_get0_by_serial(3), X509_CRL_new(3), X509_get_subject_name(3), X509_new(3), X509_sign(3), X509_VAL_new(3), X509_verify_cert(3)

HISTORY¶

X509_get_notBefore(), X509_get_notAfter(), X509_set_notBefore(), and X509_set_notAfter() first appeared in SSLeay 0.6.5 and have been available since OpenBSD 2.4.

X509_CRL_get_lastUpdate() and X509_CRL_get_nextUpdate() first appeared in OpenSSL 0.9.2 and have been available since OpenBSD 2.6.

X509_CRL_set_lastUpdate() and X509_CRL_set_nextUpdate() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

The remaining functions first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.