Topic: notBefore & notAfter


I'd like to gain access to the dates associated with a peer-certificate, yet can't yet find a way to do that using wolfSSL. How should I go about that? 

Also, are the notBefore and notAfter dates of a client-certificate tested (and potentially rejected) via a SSL_CTX_set_verify(..., SSL_VERIFY_PEER | SSL_FAIL_IF_NO_PEER_CERT); ?

If the answer is "no" to both, how can I ensure a client-certificate presented (to a server) has not expired?

thanks much;


Re: notBefore & notAfter

Hi topher,

Similar to your other thread about certificate serial numbers (, wolfSSL doesn't provide a way to directly access peer-certificate dates.  Is this something that you need?

wolfSSL does all verification internally, including notBefore and notAfter dates.  The SSL_CTX_set_verify() function allows you to set options for how the verification is done.  Setting SSL_VERIFY_PEER will cause the server to send a certificate request to the client.


Re: notBefore & notAfter

ok, thanks chrisc