ouputs the start and expire dates of the server certificate on verbose

output
2001-09-11 10:00:49 +00:00 · 2001-09-11 10:00:49 +00:00 · 894b47da9b
parent 54e7246342
commit 894b47da9b
1 changed files with 54 additions and 0 deletions
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@ -472,6 +472,53 @@ static int Store_SSL_Session(struct connectdata *conn)
  return 0;
 }

+static int Curl_ASN1_UTCTIME_output(struct connectdata *conn,
+                                    const char *prefix,
+                                    ASN1_UTCTIME *tm)
+{
+  char *asn1_string;
+  int gmt=FALSE;
+  int i;
+  int year=0,month=0,day=0,hour=0,minute=0,second=0;
+  struct SessionHandle *data = conn->data;
+
+  if(!data->set.verbose)
+    return 0;
+
+  i=tm->length;
+  asn1_string=(char *)tm->data;
+
+  if (i < 10)
+    return 1;
+  if (asn1_string[i-1] == 'Z')
+    gmt=TRUE;
+  for (i=0; i<10; i++)
+    if ((asn1_string[i] > '9') || (asn1_string[i] < '0'))
+      return 2;
+
+  year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
+  if (year < 50)
+    year+=100;
+
+  month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
+  if ((month > 12) || (month < 1))
+    return 3;
+
+  day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
+  hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
+  minute=  (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
+
+  if ( (asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
+       (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
+    second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
+  
+  infof(data,
+        "%s%04d-%02d-%02d %02d:%02d:%02d %s\n",
+        prefix, year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
+
+  return 0;
+}
+
 #endif  

 /* ====================================================== */
@ -486,6 +533,7 @@ Curl_SSLConnect(struct connectdata *conn)
  char * str;
  SSL_METHOD *req_method;
  SSL_SESSION *ssl_sessionid=NULL;
+  ASN1_TIME *certdate;

  /* mark this is being ssl enabled from here on out. */
  conn->ssl.use = TRUE;
@ -596,6 +644,12 @@ Curl_SSLConnect(struct connectdata *conn)
  infof(data, "\t subject: %s\n", str);
  CRYPTO_free(str);

+  certdate = X509_get_notBefore(conn->ssl.server_cert);
+  Curl_ASN1_UTCTIME_output(conn, "\t start date: ", certdate);
+
+  certdate = X509_get_notAfter(conn->ssl.server_cert);
+  Curl_ASN1_UTCTIME_output(conn, "\t expire date: ", certdate);
+
  if (data->set.ssl.verifyhost) {
    char peer_CN[257];
    if (X509_NAME_get_text_by_NID(X509_get_subject_name(conn->ssl.server_cert), NID_commonName, peer_CN, sizeof(peer_CN)) < 0) {