From 894b47da9b15680c60165dfe6f45a1625fa40c63 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 11 Sep 2001 10:00:49 +0000
Subject: [PATCH] ouputs the start and expire dates of the server certificate
 on verbose output

---
 lib/ssluse.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/lib/ssluse.c b/lib/ssluse.c
index a3cf492b9..14b926451 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -472,6 +472,53 @@ static int Store_SSL_Session(struct connectdata *conn)
   return 0;
 }
 
+static int Curl_ASN1_UTCTIME_output(struct connectdata *conn,
+                                    const char *prefix,
+                                    ASN1_UTCTIME *tm)
+{
+  char *asn1_string;
+  int gmt=FALSE;
+  int i;
+  int year=0,month=0,day=0,hour=0,minute=0,second=0;
+  struct SessionHandle *data = conn->data;
+
+  if(!data->set.verbose)
+    return 0;
+
+  i=tm->length;
+  asn1_string=(char *)tm->data;
+
+  if (i < 10)
+    return 1;
+  if (asn1_string[i-1] == 'Z')
+    gmt=TRUE;
+  for (i=0; i<10; i++)
+    if ((asn1_string[i] > '9') || (asn1_string[i] < '0'))
+      return 2;
+
+  year= (asn1_string[0]-'0')*10+(asn1_string[1]-'0');
+  if (year < 50)
+    year+=100;
+
+  month= (asn1_string[2]-'0')*10+(asn1_string[3]-'0');
+  if ((month > 12) || (month < 1))
+    return 3;
+
+  day= (asn1_string[4]-'0')*10+(asn1_string[5]-'0');
+  hour= (asn1_string[6]-'0')*10+(asn1_string[7]-'0');
+  minute=  (asn1_string[8]-'0')*10+(asn1_string[9]-'0');
+
+  if ( (asn1_string[10] >= '0') && (asn1_string[10] <= '9') &&
+       (asn1_string[11] >= '0') && (asn1_string[11] <= '9'))
+    second= (asn1_string[10]-'0')*10+(asn1_string[11]-'0');
+  
+  infof(data,
+        "%s%04d-%02d-%02d %02d:%02d:%02d %s\n",
+        prefix, year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
+
+  return 0;
+}
+
 #endif  
 
 /* ====================================================== */
@@ -486,6 +533,7 @@ Curl_SSLConnect(struct connectdata *conn)
   char * str;
   SSL_METHOD *req_method;
   SSL_SESSION *ssl_sessionid=NULL;
+  ASN1_TIME *certdate;
 
   /* mark this is being ssl enabled from here on out. */
   conn->ssl.use = TRUE;
@@ -596,6 +644,12 @@ Curl_SSLConnect(struct connectdata *conn)
   infof(data, "\t subject: %s\n", str);
   CRYPTO_free(str);
 
+  certdate = X509_get_notBefore(conn->ssl.server_cert);
+  Curl_ASN1_UTCTIME_output(conn, "\t start date: ", certdate);
+
+  certdate = X509_get_notAfter(conn->ssl.server_cert);
+  Curl_ASN1_UTCTIME_output(conn, "\t expire date: ", certdate);
+
   if (data->set.ssl.verifyhost) {
     char peer_CN[257];
     if (X509_NAME_get_text_by_NID(X509_get_subject_name(conn->ssl.server_cert), NID_commonName, peer_CN, sizeof(peer_CN)) < 0) {