Introduction
The example 'C' program set_asn1_time.c demonstrates how to create the date and time for digital signing of certificates, using the OpenSSL library functions.
Example Code Listing
/* ------------------------------------------------------------ *
* file: set_asn1_time.c *
* purpose: Example how to set a specific ASN1 date & time *
* author: 11/28/2012 Frank4DD *
* *
* gcc -o set_asn1_time set_asn1_time.c -lssl -lcrypto *
* ------------------------------------------------------------ */
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/asn1t.h>
#include <time.h>
int main() {
const char timestr[] = "20121018162433Z";
BIO *outbio = NULL;
ASN1_TIME *str_asn1time, *now_asn1time;
/* ---------------------------------------------------------- *
* These function calls initialize openssl for correct work. *
* ---------------------------------------------------------- */
OpenSSL_add_all_algorithms();
ERR_load_BIO_strings();
ERR_load_crypto_strings();
/* ---------------------------------------------------------- *
* Create the Input/Output BIO's. *
* ---------------------------------------------------------- */
outbio = BIO_new(BIO_s_file());
outbio = BIO_new_fp(stdout, BIO_NOCLOSE);
/* ---------------------------------------------------------- *
* Set the ASN1 date & time structure *
* ---------------------------------------------------------- */
str_asn1time = ASN1_TIME_new();
now_asn1time = ASN1_TIME_new();
if (! ASN1_TIME_set_string(str_asn1time, timestr))
BIO_printf(outbio, "Error string is invalid, should be YYYYMMDDHHMMSSZ\n");
ASN1_TIME_set(now_asn1time, time(NULL));
/* ---------------------------------------------------------- *
* Print the ASN1 date and time here *
* ---------------------------------------------------------- */
BIO_printf(outbio, "Set ASN1 date & time from String: ");
if (!ASN1_TIME_print(outbio, str_asn1time))
BIO_printf(outbio, "Error printing ASN1 time\n");
else
BIO_printf(outbio, "\n");
BIO_printf(outbio, "Set ASN1 date & time from time(): ");
if (!ASN1_TIME_print(outbio, now_asn1time))
BIO_printf(outbio, "Error printing ASN1 time\n");
else
BIO_printf(outbio, "\n");
/* ---------------------------------------------------------- *
* Free up all structures *
* ---------------------------------------------------------- */
ASN1_TIME_free(str_asn1time);
ASN1_TIME_free(now_asn1time);
BIO_free_all(outbio);
exit(0);
}Compiling the Program
Compile the test program with:
fm@susie114:~> gcc set_asn1_time.c -o set_asn1_time -lssl -lcrypto
Example Output
fm@susie114:~> ./set_asn1_time Set ASN1 date & time from String: Oct 18 16:24:33 2012 GMT Set ASN1 date & time from time(): Nov 28 12:50:48 2012 GMT
Comments
With the ability to use date strings, it is no problem to generate certificates with implausible dates. With the date string format using a four-digit year field, we get a maximum range from year zero to year 9999. Below is a example of such a certificate:
Download: 9999-years-rsa-cert.pem.
# openssl x509 -in source/PEM/certs/9999-years-rsa-cert.pem -noout -startdate -enddate notBefore=Jan 1 00:00:01 0 GMT notAfter=Dec 31 23:59:59 9999 GMT
Most current operating systems will be troubled when they see this cert, here is an example screenshot from Windows 7.
It is sensible to restrict certificate validity values to a small, plausible date range, i.e. between 1970 and the year 2100 (unless we also need to worry about the 2038 problem occuring on certain 32bit OS).
