Scroll to navigation

X509_GET0_NOTBEFORE(3) Library Functions Manual X509_GET0_NOTBEFORE(3)

NAME

X509_get0_notBefore, X509_get0_notAfter, X509_getm_notBefore, X509_getm_notAfter, X509_get_notBefore, X509_get_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_get_lastUpdate, X509_CRL_get_nextUpdate, X509_set1_notBefore, X509_set1_notAfter, X509_set_notBefore, X509_set_notAfter, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate, X509_CRL_set_lastUpdate, X509_CRL_set_nextUpdateget and set certificate and CRL validity dates

SYNOPSIS

#include <openssl/x509.h>

const ASN1_TIME *
X509_get0_notBefore(const X509 *x);

const ASN1_TIME *
X509_get0_notAfter(const X509 *x);

ASN1_TIME *
X509_getm_notBefore(const X509 *x);

ASN1_TIME *
X509_getm_notAfter(const X509 *x);

ASN1_TIME *
X509_get_notBefore(const X509 *x);

ASN1_TIME *
X509_get_notAfter(const X509 *x);

const ASN1_TIME *
X509_CRL_get0_lastUpdate(const X509_CRL *crl);

const ASN1_TIME *
X509_CRL_get0_nextUpdate(const X509_CRL *crl);

ASN1_TIME *
X509_CRL_get_lastUpdate(X509_CRL *crl);

ASN1_TIME *
X509_CRL_get_nextUpdate(X509_CRL *crl);

int
X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);

int
X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);

int
X509_set_notBefore(X509 *x, const ASN1_TIME *tm);

int
X509_set_notAfter(X509 *x, const ASN1_TIME *tm);

int
X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);

int
X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);

int
X509_CRL_set_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);

int
X509_CRL_set_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);

DESCRIPTION

() and () return pointers to the notBefore and notAfter fields of the validity period of the certificate x, respectively. () and () are deprecated aliases implemented as macros.

() and () are identical except for the const qualifier on the return type.

() is misnamed in a confusing way: it returns a pointer to the thisUpdate field of the crl, indicating the time when this crl was issued.

() returns a pointer to the nextUpdate field of the crl, indicating the time when issuing the subsequent CRL will be due.

() and () are deprecated and identical except for the const qualifier on the argument and on the return type.

(), (), (), and () set the notBefore, notAfter, thisUpdate (sic!), or nextUpdate field of x or crl, respectively, to a deep copy of tm and free the ASN1_TIME value that they replace.

(), (), (), and () are deprecated aliases.

RETURN VALUES

The functions return internal pointers which must not be freed by the application, or NULL if the requested field is not available. They may crash with a NULL pointer access if x or crl is NULL.

The functions return 1 on success or 0 on failure. They fail if x is NULL or does not contain a validity substructure, if crl is NULL, or if ASN1_STRING_dup(3) fails.

Except for some cases of ASN1_STRING_dup(3) failure, these functions do not support determining reasons for failure with ERR_get_error(3).

SEE ALSO

ASN1_TIME_set(3), X509_cmp_time(3), X509_CRL_get0_by_serial(3), X509_CRL_new(3), X509_get_subject_name(3), X509_new(3), X509_sign(3), X509_VAL_new(3), X509_verify_cert(3)

HISTORY

X509_get_notBefore(), X509_get_notAfter(), X509_set_notBefore(), and X509_set_notAfter() first appeared in SSLeay 0.6.5 and have been available since OpenBSD 2.4.

X509_CRL_get_lastUpdate() and X509_CRL_get_nextUpdate() first appeared in OpenSSL 0.9.2 and have been available since OpenBSD 2.6.

X509_CRL_set_lastUpdate() and X509_CRL_set_nextUpdate() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

The remaining functions first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.

March 5, 2024 Linux 6.4.0-150600.23.25-default