int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
in=x->cert_info->validity->notAfter;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->cert_info->validity->notAfter);
x->cert_info->validity->notAfter=in;
}
}
return(in != NULL);
}
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
{
ASN1_TIME *in;
if (x == NULL) return(0);
in=x->crl->nextUpdate;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->crl->nextUpdate);
x->crl->nextUpdate=in;
}
}
return(in != NULL);
}
int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
{
ASN1_TIME *in;
if (x == NULL) return(0);
in=x->revocationDate;
if (in != tm)
{
in=M_ASN1_TIME_dup(tm);
if (in != NULL)
{
M_ASN1_TIME_free(x->revocationDate);
x->revocationDate=in;
}
}
return(in != NULL);
}
int ocspd_load_ca_crl ( CA_LIST_ENTRY *a, OCSPD_CONFIG *conf ) {
if(!a) return(-1);
if( conf->debug )
PKI_log_debug( "ACQUIRING WRITE LOCK -- BEGIN CRL RELOAD");
PKI_RWLOCK_write_lock ( &conf->crl_lock );
// pthread_rwlock_wrlock( &crl_lock );
if( conf->debug )
PKI_log_debug( "INFO::LOCK ACQUIRED (CRL RELOAD)");
if( a->crl ) PKI_X509_CRL_free ( a->crl );
a->crl = NULL;
a->crl_list = NULL;
if( a->crl_url == NULL ) {
PKI_log_err ( "Missing CRL URL for CA %s", a->ca_id );
return(-1);
}
/* We now re-load the CRL */
if( (a->crl = PKI_X509_CRL_get_url( a->crl_url, NULL, NULL)) == NULL ) {
PKI_log_err ("Can not reload CRL [ %s ] for CA [%s]",
a->crl_url->addr, a->ca_id);
PKI_RWLOCK_release_write ( &conf->crl_lock );
return(-1);
}
if( conf->verbose )
PKI_log( PKI_LOG_INFO, "INFO::CRL successfully reloaded [ %s ]",
a->ca_id );
/* Let's get the CRLs entries, if any */
if( ocspd_build_crl_entries_list ( a, a->crl ) == NULL ) {
if( conf->verbose )
PKI_log(PKI_LOG_INFO, "INFO::No Entries for CRL [ %s ]",
a->ca_id );
};
if(conf->verbose)
PKI_log( PKI_LOG_INFO, "INFO::CRL loaded successfully [ %s ]",
a->ca_id );
/* If previous values are there, then we clear them up */
if ( a->lastUpdate ) ASN1_TIME_free(a->lastUpdate);
if ( a->nextUpdate ) ASN1_TIME_free(a->nextUpdate);
/* Get new values from the recently loaded CRL */
a->lastUpdate = M_ASN1_TIME_dup (
PKI_X509_CRL_get_data ( a->crl, PKI_X509_DATA_LASTUPDATE ));
a->nextUpdate = M_ASN1_TIME_dup (
PKI_X509_CRL_get_data ( a->crl, PKI_X509_DATA_NEXTUPDATE ));
if(conf->debug) PKI_log_debug("RELEASING LOCK (CRL RELOAD)");
PKI_RWLOCK_release_write ( &conf->crl_lock );
// pthread_rwlock_unlock ( &crl_lock );
if(conf->debug) PKI_log_debug ( "LOCK RELEASED --END--");
/* Now check the CRL validity */
a->crl_status = check_crl_validity( a, conf );
if( a->crl_status == CRL_OK ) {
PKI_log(PKI_LOG_ALWAYS, "%s's CRL reloaded (OK)", a->ca_id);
}
return(0);
}
