Topic: Using notBefore(), notAfter()

In order to print some information on a received certificate in an application using SSL, I'm looking at the wolfSSL_X509_notBefore() and wolfSSL_X509_notAfter() functions.

I'd like to use these to print out the received certificate activation and expiration dates.

I cannot find any information on how to interpret the "byte pointer" returned by these functions and convert it to a human readable time, either in the manual or the examples.

What is the format, and how should it be converted to a readable string?


Re: Using notBefore(), notAfter()

Hi walter.kicinski,

You can grab the not before and not after dates with these APIs:

         /* needs <stdio.h>, <string.h> and <wolfssl/ssl.h> */
         const unsigned char* nBefore;
         const unsigned char* nAfter;
         size_t sz, i;

         nBefore = wolfSSL_X509_notBefore(x509);
         nAfter  = wolfSSL_X509_notAfter(x509);

         /* echo them out as hex with: */
         sz = strlen((const char*)nBefore);
         for (i = 0; i < sz; i++) {
             printf("%02X", nBefore[i]);
         }
         /* ... same for nAfter ... */

The information stored at the pointer is just ASN1 formatted information. The date before and date after are set up like this:

170D3136303831313230303733375A
type - length - YY - MM - DD - HH - MM - SS - UTC

So let's break it down:

17 0D 31 36 30 38 31 31 32 30 30 37 33 37 5A
17 0D - this is the ASN1 information denoting "type" and "length"; throw these away (pointer + 2)

31 36 30 38 31 31 32 30 30 37 33 37 - The leading bit here is irrelevant so only grab every other one

5A - UTC - throw away

Now if we look at the section we care about once the ASN1 portions are removed, we will see it is already somewhat human-readable; we just need to format it by throwing away the leading bit and separating it into the correct categories.

31 36 30 38 31 31 32 30 30 37 33 37 - The leading bit here is irrelevant so only grab every other one
 1  6  0  8  1  1  2  0  0  7  3  7
 Y  Y  M  M  D  D  H  H  M  M  S  S

So the date is: 16/08/11 20:07:37 in UTC time

                   2016 Aug 11 at 20:07:37

Hope this helps!

Regards,

Kaleb
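
Added example, not part of the post above and not wolfSSL code: the byte-by-byte breakdown written as a C function. `asn1_time_to_str` is a hypothetical name; beyond the post it also accepts GeneralizedTime (type 0x18, four-digit year), which RFC 5280 uses for dates in 2050 and later, applies the RFC 5280 two-digit-year rule, and rejects malformed buffers. It checks the format only, not calendar ranges.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a wolfSSL API): formats the type-length-value
 * buffer as "YYYY-MM-DD HH:MM:SS UTC". Accepts UTCTime (0x17,
 * "YYMMDDHHMMSSZ") and GeneralizedTime (0x18, "YYYYMMDDHHMMSSZ").
 * Returns 0 on success, -1 on malformed input or a too-small output. */
int asn1_time_to_str(const unsigned char *der, size_t avail,
                     char *out, size_t outSz)
{
    size_t len, ylen, i;
    int year = 0, n;
    const char *p;

    if (der == NULL || out == NULL || avail < 2)
        return -1;
    len = der[1];
    if (der[0] == 0x17 && len == 13)      ylen = 2;
    else if (der[0] == 0x18 && len == 15) ylen = 4;
    else return -1;                  /* other type, or not the "Z" form */
    if (avail < len + 2)
        return -1;                   /* buffer shorter than it claims */

    p = (const char *)der + 2;       /* skip type and length bytes */
    for (i = 0; i < len - 1; i++)
        if (!isdigit((unsigned char)p[i]))
            return -1;
    if (p[len - 1] != 'Z')
        return -1;                   /* only UTC is accepted */

    for (i = 0; i < ylen; i++)
        year = year * 10 + (p[i] - '0');
    if (ylen == 2)                   /* RFC 5280: 50-99 => 19YY, 00-49 => 20YY */
        year += (year >= 50) ? 1900 : 2000;
    p += ylen;
    n = snprintf(out, outSz, "%04d-%.2s-%.2s %.2s:%.2s:%.2s UTC",
                 year, p, p + 2, p + 4, p + 6, p + 8);
    return (n < 0 || (size_t)n >= outSz) ? -1 : 0;
}

int main(void)
{
    /* Constructed input: the 15 bytes from the post, 17 0D "160811200737Z" */
    const unsigned char nb[] = "\x17\x0D" "160811200737Z";
    char buf[32];
    if (asn1_time_to_str(nb, sizeof(nb) - 1, buf, sizeof(buf)) == 0)
        printf("notBefore: %s\n", buf);
    return 0;
}
```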

Re: Using notBefore(), notAfter()

Thanks Kaleb, that's extremely helpful. I've been able to get certificate dates in readable format now.

It might be nice if a note was added to the wolfSSL manual API reference on the return values for these functions, that the data pointed to is ASN1 format, and some information on where that format definition might be found.

Cheers,
Walt


Re: Using notBefore(), notAfter()

Hi walter.kicinski,

Thank you for the suggestion! I have added it to my TO-DO list and will try to get that done as soon as possible!


Cheers,

Kaleb