summaryrefslogtreecommitdiffstats
path: root/doc/man3/X509_get0_notBefore.pod
blob: 84dee91850c2d15f470ac30c62956a71fedfef26 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
=pod

=head1 NAME

X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter,
X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter,
X509_ACERT_get0_notBefore, X509_ACERT_get0_notAfter,
X509_ACERT_set1_notBefore, X509_ACERT_set1_notAfter,
X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate,
X509_CRL_set1_nextUpdate - get or set certificate or CRL dates

=head1 SYNOPSIS

 #include <openssl/x509.h>

 const ASN1_TIME *X509_get0_notBefore(const X509 *x);
 const ASN1_TIME *X509_get0_notAfter(const X509 *x);

 ASN1_TIME *X509_getm_notBefore(const X509 *x);
 ASN1_TIME *X509_getm_notAfter(const X509 *x);

 int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
 int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);

 const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notBefore(const X509 *x);
 const ASN1_GENERALIZEDTIME *X509_ACERT_get0_notAfter(const X509 *x);

 int X509_ACERT_set1_notBefore(X509_ACERT *x, const ASN1_GENERALIZEDTIME *tm);
 int X509_ACERT_set1_notAfter(X509_ACERT *x, const ASN1_GENERALIZEDTIME *tm);

 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
 const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);

 int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
 int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);

=head1 DESCRIPTION

X509_get0_notBefore() and X509_get0_notAfter() return the B<notBefore>
and B<notAfter> fields of certificate I<x> respectively. The value
returned is an internal pointer which must not be freed up after
the call.

X509_getm_notBefore() and X509_getm_notAfter() are similar to
X509_get0_notBefore() and X509_get0_notAfter() except they return
non-constant mutable references to the associated date field of
the certificate.

X509_set1_notBefore() and X509_set1_notAfter() set the B<notBefore>
and B<notAfter> fields of I<x> to I<tm>. Ownership of the passed
parameter I<tm> is not transferred by these functions so it must
be freed up after the call.

X509_ACERT_get0_notBefore() and X509_ACERT_get0_notAfter() return
the B<notBefore> and B<notAfter> fields of certificate B<x> respectively.
returned is an internal pointer which must not be freed up after
the call.

X509_ACERT_set1_notBefore() and X509_ACERT_set1_notAfter() set the B<notBefore>
and B<notAfter> fields of B<x> to B<tm>. Ownership of the passed
parameter B<tm> is not transferred by these functions so it must
be freed up after the call.

X509_CRL_get0_lastUpdate() and X509_CRL_get0_nextUpdate() return the
B<lastUpdate> and B<nextUpdate> fields of I<crl>. The value
returned is an internal pointer which must not be freed up after
the call. If the B<nextUpdate> field is absent from I<crl> then
NULL is returned.

X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate() set the B<lastUpdate>
and B<nextUpdate> fields of I<crl> to I<tm>. Ownership of the passed parameter
I<tm> is not transferred by these functions so it must be freed up after the
call.
For X509_CRL_set1_nextUpdate() the I<tm> argument may be NULL,
which implies removal of the optional B<nextUpdate> field.

=head1 RETURN VALUES

X509_get0_notBefore(), X509_get0_notAfter() and X509_CRL_get0_lastUpdate()
return a pointer to an B<ASN1_TIME> structure.

X509_CRL_get0_lastUpdate() return a pointer to an B<ASN1_TIME> structure
or NULL if the B<lastUpdate> field is absent.

X509_set1_notBefore(), X509_set1_notAfter(), X509_CRL_set1_lastUpdate() and
X509_CRL_set1_nextUpdate() return 1 for success or 0 for failure.

=head1 NOTES

Unlike the B<X509> and B<X509_CRL> routines, the B<X509_ACERT> routines
use the ASN1_GENERALIZEDTIME format instead of ASN1_TIME for holding time
data.

=head1 SEE ALSO

L<d2i_X509(3)>,
L<ASN1_GENERALIZEDTIME_check(3)>
L<ERR_get_error(3)>,
L<X509_CRL_get0_by_serial(3)>,
L<X509_get0_signature(3)>,
L<X509_get_ext_d2i(3)>,
L<X509_get_extension_flags(3)>,
L<X509_get_pubkey(3)>,
L<X509_get_subject_name(3)>,
L<X509_NAME_add_entry_by_txt(3)>,
L<X509_NAME_ENTRY_get_object(3)>,
L<X509_NAME_get_index_by_NID(3)>,
L<X509_NAME_print_ex(3)>,
L<X509_new(3)>,
L<X509_sign(3)>,
L<X509V3_get_d2i(3)>,
L<X509_verify_cert(3)>

=head1 HISTORY

These functions are available in all versions of OpenSSL.

X509_get_notBefore() and X509_get_notAfter() were deprecated in OpenSSL
1.1.0

=head1 COPYRIGHT

Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut