diff options
| author | William Edmisten <wcedmisten@gmail.com> | 2021-03-01 18:33:29 -0500 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-06-11 12:39:46 +0200 |
| commit | 8c5bff2220c4f39b48660afda40005871f53250d (patch) | |
| tree | bc1d608ac356c10b1e460a296f4200dd310505e3 /doc | |
| parent | 3eb4b5bfe66ba0911fffa05ff1e3a00f4c54d641 (diff) | |
| download | openssl-new-8c5bff2220c4f39b48660afda40005871f53250d.tar.gz | |
Add support for ISO 8601 datetime format
Fixes #5430
Added the configuration file option "date_opt" to the openssl applications ca,
crl and x509.
Added ASN1_TIME_print_ex which supports the new datetime format using the
flag ASN1_DTFLGS_ISO8601
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14384)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man1/openssl-ca.pod.in | 6 | ||||
| -rw-r--r-- | doc/man1/openssl-crl.pod.in | 6 | ||||
| -rw-r--r-- | doc/man1/openssl-x509.pod.in | 6 | ||||
| -rw-r--r-- | doc/man3/ASN1_TIME_set.pod | 15 |
4 files changed, 28 insertions, 5 deletions
diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index fc0b00c032..1d497e848e 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -44,6 +44,7 @@ B<openssl> B<ca> [B<-inform> B<DER>|<PEM>] [B<-out> I<file>] [B<-notext>] +[B<-dateopt>] [B<-outdir> I<dir>] [B<-infiles>] [B<-spkac> I<file>] @@ -209,6 +210,11 @@ self-signed certificate. Don't output the text form of a certificate to the output file. +=item B<-dateopt> + +Specify the date output format. Values are: rfc_822 and iso_8601. +Defaults to rfc_822. + =item B<-startdate> I<date> This allows the start date to be explicitly set. The format of the diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index e642f5c117..7e15f6445a 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -13,6 +13,7 @@ B<openssl> B<crl> [B<-outform> B<DER>|B<PEM>] [B<-key> I<filename>] [B<-keyform> B<DER>|B<PEM>|B<P12>] +[B<-dateopt>] [B<-text>] [B<-in> I<filename>] [B<-out> I<filename>] @@ -81,6 +82,11 @@ Output a comparison of the main CRL and the one specified here. Corrupt the signature before writing it; this can be useful for testing. +=item B<-dateopt> + +Specify the date output format. Values are: rfc_822 and iso_8601. +Defaults to rfc_822. + =item B<-text> Print out the CRL in text form. diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 65b6487481..0e073d6b05 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -24,6 +24,7 @@ B<openssl> B<x509> [B<-outform> B<DER>|B<PEM>] [B<-nocert>] [B<-noout>] +[B<-dateopt>] [B<-text>] [B<-certopt> I<option>] [B<-fingerprint>] @@ -208,6 +209,11 @@ but are described in the L</Trust Settings> section. =over 4 +=item B<-dateopt> + +Specify the date output format. Values are: rfc_822 and iso_8601. +Defaults to rfc_822. + =item B<-text> Prints out the certificate in text form. Full details are printed including the diff --git a/doc/man3/ASN1_TIME_set.pod b/doc/man3/ASN1_TIME_set.pod index 3226049781..66d9fefe1a 100644 --- a/doc/man3/ASN1_TIME_set.pod +++ b/doc/man3/ASN1_TIME_set.pod @@ -9,7 +9,7 @@ ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, -ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, +ASN1_TIME_print, ASN1_TIME_print_ex, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, @@ -44,6 +44,7 @@ ASN1_TIME_dup, ASN1_UTCTIME_dup, ASN1_GENERALIZEDTIME_dup - ASN.1 Time functions int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); + int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags); int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); @@ -107,6 +108,9 @@ If the time structure has invalid format it prints out "Bad time value" and returns an error. The output for generalized time may include a fractional part following the second. +ASN1_TIME_print_ex() provides I<flags> to specify the output format of the +datetime. This can be either B<ASN1_DTFLGS_RFC822> or B<ASN1_DTFLGS_ISO8601>. + ASN1_TIME_to_tm() converts the time I<s> to the standard I<tm> structure. If I<s> is NULL, then the current time is converted. The output time is GMT. The I<tm_sec>, I<tm_min>, I<tm_hour>, I<tm_mday>, I<tm_wday>, I<tm_yday>, @@ -177,12 +181,13 @@ either format. =head1 BUGS -ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() -do not print out the timezone: it either prints out "GMT" or nothing. But all +ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() do +not print out the timezone: it either prints out "GMT" or nothing. But all certificates complying with RFC5280 et al use GMT anyway. -ASN1_TIME_print(), ASN1_UTCTIME_print() and ASN1_GENERALIZEDTIME_print() -do not distinguish if they fail because of an I/O error or invalid time format. +ASN1_TIME_print(), ASN1_TIME_print_ex(), ASN1_UTCTIME_print() and +ASN1_GENERALIZEDTIME_print() do not distinguish if they fail because +of an I/O error or invalid time format. Use the ASN1_TIME_normalize() function to normalize the time value before printing to get GMT results. |