return get_name_part (X509_get_subject_name (_certificate), NID_organizationalUnitName);
}
+static
+struct tm
+convert_time (ASN1_TIME const * time)
+{
+ struct tm t;
+ char const * s = (char const *) time->data;
+
+ if (time->type == V_ASN1_UTCTIME) {
+ sscanf(s, "%2d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+ if (t.tm_year < 70) {
+ t.tm_year += 100;
+ }
+ } else if (time->type == V_ASN1_GENERALIZEDTIME) {
+ sscanf(s, "%4d%2d%2d%2d%2d%2d", &t.tm_year, &t.tm_mon, &t.tm_mday, &t.tm_hour, &t.tm_min, &t.tm_sec);
+ t.tm_year -= 1900;
+ }
+
+ t.tm_mon--;
+
+ return t;
+}
+
+struct tm
+Certificate::not_before () const
+{
+ DCP_ASSERT (_certificate);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ return convert_time(X509_get0_notBefore(_certificate));
+#else
+ return convert_time(X509_get_notBefore(_certificate));
+#endif
+}
+
+struct tm
+Certificate::not_after () const
+{
+ DCP_ASSERT (_certificate);
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ return convert_time(X509_get0_notAfter(_certificate));
+#else
+ return convert_time(X509_get_notAfter(_certificate));
+#endif
+}
+
string
Certificate::serial () const
{
uint8_t* p = buffer;
#if OPENSSL_VERSION_NUMBER > 0x10100000L
-#warning "Using new OpenSSL API"
i2d_re_X509_tbs(_certificate, &p);
#else
i2d_X509_CINF (_certificate->cert_info, &p);
return _public_key;
}
+static bool string_is_utf8 (X509_NAME* n, int nid)
+{
+ int p = -1;
+ p = X509_NAME_get_index_by_NID (n, nid, p);
+ return p != -1 && X509_NAME_ENTRY_get_data(X509_NAME_get_entry(n, p))->type == V_ASN1_UTF8STRING;
+}
+
+bool
+Certificate::has_utf8_strings () const
+{
+ X509_NAME* n = X509_get_subject_name (_certificate);
+ return string_is_utf8(n, NID_commonName) ||
+ string_is_utf8(n, NID_organizationName) ||
+ string_is_utf8(n, NID_organizationalUnitName);
+}
+
bool
dcp::operator== (Certificate const & a, Certificate const & b)
{