authorDr. Stephen Henson <steve@openssl.org>2000-09-05 22:30:38 +0000
committerDr. Stephen Henson <steve@openssl.org>2000-09-05 22:30:38 +0000
commitbbb720034aa6422a7be4637e841db8588f4d0305 (patch)
tree9891ebb506993fa498d1346bbccc09f1ba9d44c5 /crypto/x509
parent4af6e2432bf7beded7f219c2aae1495b125d5686 (diff)
Fix typo in rsautl.
Add support for settable verify time in X509_verify_cert(). Document rsautl utility.
Diffstat (limited to 'crypto/x509')
-rw-r--r--crypto/x509/x509.h2
-rw-r--r--crypto/x509/x509_vfy.c37
-rw-r--r--crypto/x509/x509_vfy.h2
3 files changed, 35 insertions, 6 deletions
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index db80eda8e0..b95a2eec0b 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -800,7 +800,9 @@ RSA *RSAPrivateKey_dup(RSA *rsa);
#endif /* !SSLEAY_MACROS */
+int X509_cmp_time(ASN1_TIME *s, time_t *t);
int X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
const char * X509_get_default_cert_area(void );
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 07a8bd44b6..b8fb24a1d6 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -429,6 +429,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
int i,ok=0,n;
X509 *xs,*xi;
EVP_PKEY *pkey=NULL;
+ time_t *ptime;
int (*cb)();
cb=ctx->verify_cb;
@@ -438,8 +439,9 @@ static int internal_verify(X509_STORE_CTX *ctx)
ctx->error_depth=n-1;
n--;
xi=sk_X509_value(ctx->chain,n);
- if (X509_NAME_cmp(X509_get_subject_name(xi),
- X509_get_issuer_name(xi)) == 0)
+ if(ctx->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->check_time;
+ else ptime = NULL;
+ if (ctx->check_issued(ctx, xi, xi))
xs=xi;
else
{
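Review bot: Replacing the `X509_NAME_cmp` subject/issuer comparison with `ctx->check_issued(ctx, xi, xi)` changes how the top certificate of the chain is recognised as self-issued, but the commit message only mentions the settable verify time. Because this test selects `xs=xi`, it deserves a line in the commit message and a comment such as `/* self-issued test goes through the check_issued callback, not a bare name compare */`. That wording assumes consistency with chain building is the intent, which should be confirmed. The call also relies on `ctx->check_issued` always being set, and nothing in this hunk shows where it is initialised. internal_verify starts and ends outside the hunk.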
@@ -485,7 +487,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
EVP_PKEY_free(pkey);
pkey=NULL;
- i=X509_cmp_current_time(X509_get_notBefore(xs));
+ i=X509_cmp_time(X509_get_notBefore(xs), ptime);
if (i == 0)
{
ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
@@ -503,7 +505,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
xs->valid=1;
}
- i=X509_cmp_current_time(X509_get_notAfter(xs));
+ i=X509_cmp_time(X509_get_notAfter(xs), ptime);
if (i == 0)
{
ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
@@ -540,6 +542,11 @@ end:
}
int X509_cmp_current_time(ASN1_TIME *ctm)
+{
+ return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
{
char *str;
ASN1_TIME atm;
@@ -594,7 +601,7 @@ int X509_cmp_current_time(ASN1_TIME *ctm)
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
- X509_gmtime_adj(&atm,-offset*60);
+ X509_time_adj(&atm,-offset*60, cmp_time);
if(ctm->type == V_ASN1_UTCTIME)
{
@@ -614,10 +621,17 @@ int X509_cmp_current_time(ASN1_TIME *ctm)
}
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+ return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
{
time_t t;
- time(&t);
+ if(in_tm) t = *in_tm;
+ else time(&t);
+
t+=adj;
if(!s) return ASN1_TIME_set(s, t);
if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
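Review bot: `in_tm` is only read in `X509_time_adj` (`t = *in_tm`), so it could be declared `const time_t *in_tm`. The same applies to `cmp_time` in `X509_cmp_time`, which is only forwarded here, and to both prototypes in x509.h. These are new entry points, so tightening the signature now costs nothing and tells callers their value is not modified. Separately, `t+=adj` now adds a caller-supplied offset to a caller-supplied base, where the base used to be the system clock. It is worth considering whether a range check is wanted before the addition. The function continues past the end of the hunk.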
@@ -855,6 +869,17 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
}
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
+ {
+ ctx->flags |= flags;
+ }
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
+ {
+ ctx->check_time = t;
+ ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
+ }
+
IMPLEMENT_STACK_OF(X509)
IMPLEMENT_ASN1_SET_OF(X509)
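Review bot: The `flags` parameter of `X509_STORE_CTX_set_time` is never read. The body stores `t` and ORs in `X509_V_FLAG_USE_CHECK_TIME` regardless of what the caller passes. Either drop the parameter here and in the x509_vfy.h prototype, or keep it and say so with `/* flags is currently ignored */`. This setter replaces the system clock for the notBefore/notAfter comparisons in internal_verify, so it should also carry a comment such as `/* t is used instead of the current time for validity-period checks; it must come from a trusted source */`. `X509_STORE_CTX_set_flags` only ORs bits in, so a flag that has been set cannot be cleared through this API, which is worth stating in its comment as well.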
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 71d56bb6dc..ba8cac51be 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -380,6 +380,8 @@ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
#ifdef __cplusplus
}