使用C测试X509证书到期日期

时间:2014-05-01 12:09:37

标签: c cryptography openssl

如果X509?*证书过期,我如何编程测试? 他们是直接加密api? 或者我必须得到not_after时间并在我的代码中手动检查它?

2 个答案:

答案 0 :(得分:5)

你没说出哪种语言所以我总结了它们:

<强> PHP

$data = openssl_x509_parse(file_get_contents('/path/to/cert.crt'));

$validFrom = date('Y-m-d H:i:s', $data['validFrom_time_t']);
$validTo = date('Y-m-d H:i:s', $data['validTo_time_t']);

Java X509Certificate

InputStream inStream = null;

 try (InputStream inStream = new FileInputStream("fileName-of-cert")) {
     CertificateFactory cf = CertificateFactory.getInstance("X.509");
     X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);

     // check if valid on specific date (now set for today)
     cert.checkValidity(new Date());
     // Date nBefore = cert.getNotBefore();
     // Date nAfter = cert.getNotAfter();
 }

<强> C ++

using namespace System;
using namespace System::Security::Cryptography::X509Certificates;
int main()
{

   // The path to the certificate.
   String^ Certificate = "Certificate.cer";

   // Load the certificate into an X509Certificate object.
   X509Certificate^ cert = X509Certificate::CreateFromCertFile( Certificate );

   // Get the value.
   String^ results = cert->GetExpirationDateString();

   // Display the value to the console.
   Console::WriteLine( results );
}

<强> C

X509 *x
time_t *ptime;
i=X509_cmp_time(X509_get_notBefore(x), ptime);
i=X509_cmp_time(X509_get_notAfter(x), ptime);

答案 1 :(得分:2)

你应该可以使用:

result=X509_cmp_time(X509_get_notBefore(cert), ptime);

result=X509_cmp_time(X509_get_notAfter(cert), ptime);

使用OpenSSL。我不确定你能不能减少它&#34;手册&#34;不止于此。