From bogus@does.not.exist.com  Sun Jan  6 08:40:24 2013
From: bogus@does.not.exist.com ()
Date: Sun, 06 Jan 2013 07:40:24 -0000
Subject: No subject
Message-ID: <mailman.0.1357458024.4900.pyopenssl-users@python.org>

int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str);
int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
#if 0
time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
#endif


>=20
> The X509.has_expired method compares the notAfter value to "now".
>=20
> I'm not sure what makes sense to do here. I suppose we could add some
> sort of print_notBefore/print_notAfter methods to X509. Another idea
> would be to add a wrapper type for ASN1_TIME (crypto.ASN1Time?
> asn1.Time?) that could have a __str__ for the printing, and some
> comparison methods...
>=20
> I'm loathe to do anything dramatic though, since I'm trying to get a
> new version out the door before Debian sarge is released. ;-)
>=20
> Ideas and suggestions are most welcome.

Well, I had a quick look at what m2crypto does, and found out there is a
get_not_before and get_not_after. But they return strings, and I guess yo=
u are
left to parse the strings yourself in python. I believe the returned time=
s are
always GMT so it may not be that complicated.

I guess an ASN1_TIME type would make sense. Have its __str__ method use
openssl's ASN1_TIME_print, and have a to_epoch() method that would use
python's time conversion functions. Probably a warning in the documentati=
on
that this method is not openssl-"pure".

Misa