Beispiel #1
/*
 * Replace the certificate's notAfter time with a private copy of tm.
 *
 * Returns 1 when the certificate holds tm's value afterwards (either a
 * fresh copy was installed, or tm is already the stored non-NULL pointer),
 * and 0 when x is NULL, the validity structure is missing, or the copy
 * could not be made.
 *
 * On a failed copy the previous notAfter is left in place, so a caller
 * that ignores the return value keeps working with the OLD expiry date.
 * Callers that go on to sign or publish the certificate should treat 0
 * as fatal.
 *
 * NOTE(review): x->cert_info itself is dereferenced without a NULL check;
 * this relies on x being a fully constructed X509 -- confirm for callers
 * that build certificates by hand.
 */
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
	{
	ASN1_TIME *copy;

	if (x == NULL || x->cert_info->validity == NULL)
		return 0;

	/* Same pointer already stored: nothing to copy or free. */
	if (x->cert_info->validity->notAfter == tm)
		return (tm != NULL);

	copy = M_ASN1_TIME_dup(tm);
	if (copy == NULL)
		return 0;	/* old value stays untouched */

	/* Only release the old time once its replacement exists. */
	M_ASN1_TIME_free(x->cert_info->validity->notAfter);
	x->cert_info->validity->notAfter = copy;
	return 1;
	}
Beispiel #2
/*
 * Replace the CRL's nextUpdate time with a private copy of tm.
 *
 * Returns 1 when the CRL holds tm's value afterwards (a fresh copy was
 * installed, or tm is already the stored non-NULL pointer); returns 0
 * when x is NULL or the copy could not be made.
 *
 * On failure the previous nextUpdate is kept. nextUpdate is what relying
 * parties use to decide whether a CRL is stale, so a caller that ignores
 * a 0 return may publish a CRL with an unintended freshness window.
 *
 * NOTE(review): x->crl is dereferenced without a NULL check -- assumes a
 * fully constructed X509_CRL; confirm against callers.
 */
int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
	{
	ASN1_TIME *fresh;

	if (x == NULL)
		return 0;

	/* Stored pointer and argument are identical: keep it as is. */
	if (x->crl->nextUpdate == tm)
		return (tm != NULL);

	fresh = M_ASN1_TIME_dup(tm);
	if (fresh == NULL)
		return 0;	/* previous nextUpdate is preserved */

	/* Swap in the copy only after the duplication succeeded. */
	M_ASN1_TIME_free(x->crl->nextUpdate);
	x->crl->nextUpdate = fresh;
	return 1;
	}
Beispiel #3
/*
 * Replace the revocation date of a revoked-certificate entry with a
 * private copy of tm.
 *
 * Returns 1 when the entry holds tm's value afterwards (a fresh copy was
 * installed, or tm is already the stored non-NULL pointer); returns 0
 * when x is NULL or the copy could not be made.
 *
 * On failure the previous revocationDate is kept, so the return value
 * must be checked before the entry is added to a CRL that gets signed.
 */
int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
{
    ASN1_TIME *replacement;

    if (x == NULL)
        return 0;

    /* Caller passed the pointer that is already stored. */
    if (x->revocationDate == tm)
        return (tm != NULL);

    replacement = M_ASN1_TIME_dup(tm);
    if (replacement == NULL)
        return 0;   /* existing date is left untouched */

    /* Free the old date only once the new one is in hand. */
    M_ASN1_TIME_free(x->revocationDate);
    x->revocationDate = replacement;
    return 1;
}
Beispiel #4
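/*
 * Reload the CRL of one CA entry from its configured URL.
 *
 * Under the configuration's CRL write lock the function frees the CRL
 * currently attached to the entry, fetches a new one from a->crl_url,
 * rebuilds the list of revoked entries and refreshes the cached
 * lastUpdate / nextUpdate times. After releasing the lock it stores the
 * result of check_crl_validity() in a->crl_status.
 *
 * Returns 0 once a CRL has been fetched, and -1 when a or conf is NULL,
 * the entry has no CRL URL, or the download fails. In the latter two
 * cases the entry is left with a->crl == NULL.
 *
 * A return of 0 does NOT mean the CRL is usable: the function returns 0
 * whatever check_crl_validity() reports, so callers must inspect
 * a->crl_status before answering revocation queries from this entry.
 *
 * NOTE(review): no signature or issuer check of the downloaded CRL is
 * visible in this function; presumably check_crl_validity() or the fetch
 * layer covers it -- confirm, since the CRL comes from a network URL.
 */
int ocspd_load_ca_crl ( CA_LIST_ENTRY *a, OCSPD_CONFIG *conf ) {

	/* conf is dereferenced immediately below, so reject it here too. */
	if( !a || !conf ) return(-1);

	if( conf->debug )
		PKI_log_debug( "ACQUIRING WRITE LOCK -- BEGIN CRL RELOAD");

	PKI_RWLOCK_write_lock ( &conf->crl_lock );
	if( conf->debug )
		PKI_log_debug( "INFO::LOCK ACQUIRED (CRL RELOAD)");

	if( a->crl ) PKI_X509_CRL_free ( a->crl );

	a->crl = NULL;
	/* NOTE(review): the previous crl_list pointer is dropped without
	 * being released here -- confirm who owns it (it may point into the
	 * CRL that was just freed). */
	a->crl_list = NULL;

	if( a->crl_url == NULL ) {
		PKI_log_err ( "Missing CRL URL for CA %s", a->ca_id );
		/* Every exit taken while the write lock is held must release
		 * it; returning with the lock held would block all later
		 * readers and writers of the CRL data. */
		PKI_RWLOCK_release_write ( &conf->crl_lock );
		return(-1);
	}

	/* We now re-load the CRL */
	if( (a->crl = PKI_X509_CRL_get_url( a->crl_url, NULL, NULL)) == NULL ) {
		PKI_log_err ("Can not reload CRL [ %s ] for CA [%s]", 
						a->crl_url->addr, a->ca_id);
		PKI_RWLOCK_release_write ( &conf->crl_lock );
		return(-1);
	}

	if( conf->verbose )
		PKI_log( PKI_LOG_INFO, "INFO::CRL successfully reloaded [ %s ]",
			a->ca_id );

	/* Let's get the CRLs entries, if any */
	if( ocspd_build_crl_entries_list ( a, a->crl ) == NULL ) { 
		if( conf->verbose )
			PKI_log(PKI_LOG_INFO, "INFO::No Entries for CRL [ %s ]",
				a->ca_id );
	}

	if(conf->verbose)
		PKI_log( PKI_LOG_INFO, "INFO::CRL loaded successfully [ %s ]", 
								a->ca_id );

	/* If previous values are there, then we clear them up */
	if ( a->lastUpdate ) ASN1_TIME_free(a->lastUpdate);
	if ( a->nextUpdate ) ASN1_TIME_free(a->nextUpdate);

	/* Get new values from the recently loaded CRL.
	 * NOTE(review): neither duplicate is checked for NULL; presumably
	 * check_crl_validity() treats a missing time as invalid -- confirm,
	 * otherwise a CRL without usable dates could be accepted. */
	a->lastUpdate = M_ASN1_TIME_dup (
		PKI_X509_CRL_get_data ( a->crl, PKI_X509_DATA_LASTUPDATE ));
	a->nextUpdate = M_ASN1_TIME_dup (
		PKI_X509_CRL_get_data ( a->crl, PKI_X509_DATA_NEXTUPDATE ));

	if(conf->debug) PKI_log_debug("RELEASING LOCK (CRL RELOAD)");
	PKI_RWLOCK_release_write ( &conf->crl_lock );
	if(conf->debug) PKI_log_debug ( "LOCK RELEASED --END--");

	/* Now check the CRL validity.
	 * NOTE(review): crl_status is written after the write lock has been
	 * released -- confirm that readers do not rely on the lock for it. */
	a->crl_status = check_crl_validity( a, conf );

	if( a->crl_status == CRL_OK ) {
		PKI_log(PKI_LOG_ALWAYS, "%s's CRL reloaded (OK)", a->ca_id);
	}

	return(0);
}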