自学教程：C++ ASN1_TIME_print函数代码示例

intX509_CRL_print(BIO *out, X509_CRL *x){	STACK_OF(X509_REVOKED) *rev;	X509_REVOKED *r;	long l;	int i;	char *p;	BIO_printf(out, "Certificate Revocation List (CRL):/n");	l = X509_CRL_get_version(x);	if (l < 0 || l == LONG_MAX)		goto err;	BIO_printf(out, "%8sVersion %lu (0x%lx)/n", "", l + 1, l);	i = OBJ_obj2nid(x->sig_alg->algorithm);	if (X509_signature_print(out, x->sig_alg, NULL) == 0)		goto err;	p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);	if (p == NULL)		goto err;	BIO_printf(out, "%8sIssuer: %s/n", "", p);	free(p);	BIO_printf(out, "%8sLast Update: ", "");	ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));	BIO_printf(out, "/n%8sNext Update: ", "");	if (X509_CRL_get_nextUpdate(x))		ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));	else		BIO_printf(out, "NONE");	BIO_printf(out, "/n");	X509V3_extensions_print(out, "CRL extensions",	    x->crl->extensions, 0, 8);	rev = X509_CRL_get_REVOKED(x);	if (sk_X509_REVOKED_num(rev) > 0)		BIO_printf(out, "Revoked Certificates:/n");	else		BIO_printf(out, "No Revoked Certificates./n");	for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {		r = sk_X509_REVOKED_value(rev, i);		BIO_printf(out, "    Serial Number: ");		i2a_ASN1_INTEGER(out, r->serialNumber);		BIO_printf(out, "/n        Revocation Date: ");		ASN1_TIME_print(out, r->revocationDate);		BIO_printf(out, "/n");		X509V3_extensions_print(out, "CRL entry extensions",		    r->extensions, 0, 8);	}	if (X509_signature_print(out, x->sig_alg, x->signature) == 0)		goto err;	return 1;err:	return 0;}

intverify_callback(int ok, X509_STORE_CTX * ctx){	X509 *err_cert;	int err, depth;	err_cert = X509_STORE_CTX_get_current_cert(ctx);	err = X509_STORE_CTX_get_error(ctx);	depth = X509_STORE_CTX_get_error_depth(ctx);	BIO_printf(bio_err, "depth=%d ", depth);	if (err_cert) {		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),		    0, XN_FLAG_ONELINE);		BIO_puts(bio_err, "/n");	} else		BIO_puts(bio_err, "<no cert>/n");	if (!ok) {		BIO_printf(bio_err, "verify error:num=%d:%s/n", err,		    X509_verify_cert_error_string(err));		if (verify_depth >= depth) {			if (!verify_return_error)				ok = 1;			verify_error = X509_V_OK;		} else {			ok = 0;			verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;		}	}	switch (err) {	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:		BIO_puts(bio_err, "issuer= ");		X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),		    0, XN_FLAG_ONELINE);		BIO_puts(bio_err, "/n");		break;	case X509_V_ERR_CERT_NOT_YET_VALID:	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:		BIO_printf(bio_err, "notBefore=");		ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));		BIO_printf(bio_err, "/n");		break;	case X509_V_ERR_CERT_HAS_EXPIRED:	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:		BIO_printf(bio_err, "notAfter=");		ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));		BIO_printf(bio_err, "/n");		break;	case X509_V_ERR_NO_EXPLICIT_POLICY:		policies_print(bio_err, ctx);		break;	}	if (err == X509_V_OK && ok == 2)		policies_print(bio_err, ctx);	BIO_printf(bio_err, "verify return:%d/n", ok);	return (ok);}

int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag){    STACK_OF(X509_REVOKED) *rev;    X509_REVOKED *r;    const X509_ALGOR *sig_alg;    const ASN1_BIT_STRING *sig;    long l;    int i;    BIO_printf(out, "Certificate Revocation List (CRL):/n");    l = X509_CRL_get_version(x);    if (l >= 0 && l <= 1)        BIO_printf(out, "%8sVersion %ld (0x%lx)/n", "", l + 1, (unsigned long)l);    else        BIO_printf(out, "%8sVersion unknown (%ld)/n", "", l);    X509_CRL_get0_signature(x, &sig, &sig_alg);    BIO_puts(out, "    ");    X509_signature_print(out, sig_alg, NULL);    BIO_printf(out, "%8sIssuer: ", "");    X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);    BIO_puts(out, "/n");    BIO_printf(out, "%8sLast Update: ", "");    ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));    BIO_printf(out, "/n%8sNext Update: ", "");    if (X509_CRL_get0_nextUpdate(x))        ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));    else        BIO_printf(out, "NONE");    BIO_printf(out, "/n");    X509V3_extensions_print(out, "CRL extensions",                            X509_CRL_get0_extensions(x), 0, 8);    rev = X509_CRL_get_REVOKED(x);    if (sk_X509_REVOKED_num(rev) > 0)        BIO_printf(out, "Revoked Certificates:/n");    else        BIO_printf(out, "No Revoked Certificates./n");    for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {        r = sk_X509_REVOKED_value(rev, i);        BIO_printf(out, "    Serial Number: ");        i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r));        BIO_printf(out, "/n        Revocation Date: ");        ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r));        BIO_printf(out, "/n");        X509V3_extensions_print(out, "CRL entry extensions",                                X509_REVOKED_get0_extensions(r), 0, 8);    }    X509_signature_print(out, sig_alg, sig);    return 1;}

EXPORT_C int X509_CRL_print(BIO *out, X509_CRL *x){	STACK_OF(X509_REVOKED) *rev;	X509_REVOKED *r;	long l;	int i, n;	char *p;	BIO_printf(out, "Certificate Revocation List (CRL):/n");	l = X509_CRL_get_version(x);	BIO_printf(out, "%8sVersion %lu (0x%lx)/n", "", l+1, l);	i = OBJ_obj2nid(x->sig_alg->algorithm);	BIO_printf(out, "%8sSignature Algorithm: %s/n", "",				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));	p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);	BIO_printf(out,"%8sIssuer: %s/n","",p);	OPENSSL_free(p);	BIO_printf(out,"%8sLast Update: ","");	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));	BIO_printf(out,"/n%8sNext Update: ","");	if (X509_CRL_get_nextUpdate(x))		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));	else BIO_printf(out,"NONE");	BIO_printf(out,"/n");	n=X509_CRL_get_ext_count(x);	X509V3_extensions_print(out, "CRL extensions",						x->crl->extensions, 0, 8);	rev = X509_CRL_get_REVOKED(x);	if(sk_X509_REVOKED_num(rev) > 0)	    BIO_printf(out, "Revoked Certificates:/n");	else BIO_printf(out, "No Revoked Certificates./n");	for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {		r = sk_X509_REVOKED_value(rev, i);		BIO_printf(out,"    Serial Number: ");		i2a_ASN1_INTEGER(out,r->serialNumber);		BIO_printf(out,"/n        Revocation Date: ");		ASN1_TIME_print(out,r->revocationDate);		BIO_printf(out,"/n");		X509V3_extensions_print(out, "CRL entry extensions",						r->extensions, 0, 8);	}	X509_signature_print(out, x->sig_alg, x->signature);	return 1;}

/* Verify certificate callback.  Gets invoked by crypto/x509/x509_vfy.c: * internal_verify() after it checks the signature and the time of  * the certificate.  Copied from apps/s_cb.c.  Configured through  * verify_depth and verify_error, initialized in main().  Doesn't * really do much other than print verify errors to the screen and * ignore errors down to verify_depth.  Mainly an example of how * OpenSSL let's your app have a say in certificate validating. * At this point OpenSSL has checked the signature and dates are  * good, so you don't need to do that.  One thing you could do  * here would be to verify the certificate status with an on-line * service, e.g. via OCSP. */int verify_cb(int ok, X509_STORE_CTX *ctx) {  char buf[256];  X509 *err_cert;  int err,depth;  BIO* bio_err;	int verify_error = X509_V_OK, verify_depth = 0;  if ((bio_err=BIO_new(BIO_s_file())) == NULL) return(0);  BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);  err_cert=X509_STORE_CTX_get_current_cert(ctx);  err=X509_STORE_CTX_get_error(ctx);  depth=X509_STORE_CTX_get_error_depth(ctx);  X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);  BIO_printf(bio_err,"depth=%d %s/n",depth,buf);  if (!ok) {    BIO_printf(bio_err,"verify error:num=%d:%s/n",err,               X509_verify_cert_error_string(err));    if (depth > verify_depth) {      verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;    } else {      ok=1;      verify_error=X509_V_OK;    }  }  switch (ctx->error) {  case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:    X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);    BIO_printf(bio_err,"issuer= %s/n",buf);    break;  case X509_V_ERR_CERT_NOT_YET_VALID:  case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:    BIO_printf(bio_err,"notBefore=");    ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));    BIO_printf(bio_err,"/n");    break;  case X509_V_ERR_CERT_HAS_EXPIRED:  case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:    BIO_printf(bio_err,"notAfter=");    ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));    BIO_printf(bio_err,"/n");    break;  }  BIO_printf(bio_err,"verify return:%d/n",ok);  BIO_free(bio_err);  return(ok);}

int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)	{	char buf[256];	X509 *err_cert;	int err,depth;	err_cert=X509_STORE_CTX_get_current_cert(ctx);	err=	X509_STORE_CTX_get_error(ctx);	depth=	X509_STORE_CTX_get_error_depth(ctx);	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);	BIO_printf(bio_err,"depth=%d %s/n",depth,buf);	if (!ok)		{		BIO_printf(bio_err,"verify error:num=%d:%s/n",err,			X509_verify_cert_error_string(err));		if (verify_depth >= depth)			{			ok=1;			verify_error=X509_V_OK;			}		else			{			ok=0;			verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;			}		}	switch (ctx->error)		{	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);		BIO_printf(bio_err,"issuer= %s/n",buf);		break;	case X509_V_ERR_CERT_NOT_YET_VALID:	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:		BIO_printf(bio_err,"notBefore=");		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));		BIO_printf(bio_err,"/n");		break;	case X509_V_ERR_CERT_HAS_EXPIRED:	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:		BIO_printf(bio_err,"notAfter=");		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));		BIO_printf(bio_err,"/n");		break;		}	BIO_printf(bio_err,"verify return:%d/n",ok);	return(ok);	}

/* * openssl crl -in ca.crl -text */void show_crl(char * ca_name){    X509_CRL * crl ;    X509_REVOKED * rev ;    int i, total ;    STACK_OF(X509_REVOKED) * rev_list ;    BIO * out ;    if ((crl = load_crl(ca_name))==NULL) {        printf("No CRL found/n");        return ;    }    rev_list = X509_CRL_get_REVOKED(crl);    total = sk_X509_REVOKED_num(rev_list);    out = BIO_new(BIO_s_file());    out = BIO_new_fp(stdout, BIO_NOCLOSE);    BIO_printf(out, "-- Revoked certificates found in CRL/n");    for (i=0 ; i<total ; i++) {        rev=sk_X509_REVOKED_value(rev_list, i);        BIO_printf(out, "serial: ");        i2a_ASN1_INTEGER(out, rev->serialNumber);        BIO_printf(out, "/n  date: ");        ASN1_TIME_print(out, rev->revocationDate);        BIO_printf(out, "/n/n");    }    X509_CRL_free(crl);    BIO_free_all(out);    return ;}

int getTimeString(ASN1_TIME *time_data, char *buf, int buflen){  int result;  BIO* bio = BIO_new(BIO_s_mem());  if (NULL == bio)    {      result = CERT_MEMORY_ERROR;    }  else    {      BUF_MEM *bufmem;      ASN1_TIME_print(bio, time_data);      BIO_get_mem_ptr(bio, &bufmem); /* is this allocating? */      if (NULL == buf)        {          result = CERT_NULL_BUFFER;        }      else if (bufmem->length >= buflen)        {          result = CERT_BUFFER_LIMIT_EXCEEDED;        }      else        {          memcpy(buf, bufmem->data, bufmem->length);          buf[bufmem->length] = 0;          result = CERT_OK;        }      BIO_free( bio );    }  return result;} /* getTimeString */

const datetime X509Certificate_OpenSSL::convertX509Date(void* time) const{	char* buffer;	BIO* out = BIO_new(BIO_s_mem());	BIO_set_close(out, BIO_CLOSE);	ASN1_TIME* asn1_time = reinterpret_cast<ASN1_TIME*>(time);	ASN1_TIME_print(out, asn1_time);	int sz = BIO_get_mem_data(out, &buffer);	char* dest = new char[sz + 1];	dest[sz] = 0;	memcpy(dest, buffer, sz);	vmime::string t(dest);    	BIO_free(out);	delete dest;	if (t.size() > 0)	{		char month[4] = {0};		char zone[4] = {0};		int day, hour, minute, second, year;		int nrconv = sscanf(t.c_str(), "%s %2d %02d:%02d:%02d %d%s", month, &day, &hour, &minute, &second,&year,zone);		if (nrconv >= 6)			return datetime(year, sg_monthMap.getMonth(vmime::string(month)), day, hour, minute, second);			}	// let datetime try and parse it	return datetime(t);}

static void log_time(const int level, const char *txt, ASN1_TIME *t) {#ifndef HAVE_LIB_CYASSL    char *cp;    BIO *bio;    int n;    if(!t)        return;    bio=BIO_new(BIO_s_mem());    if(!bio)        return;    ASN1_TIME_print(bio, t);    n=BIO_pending(bio);    cp=str_alloc(n+1);    n=BIO_read(bio, cp, n);    if(n<0) {        BIO_free(bio);        str_free(cp);        return;    }    cp[n]='/0';    BIO_free(bio);    s_log(level, "%s: %s", txt, cp);    str_free(cp);#else    s_log(level, "%s: N/A", txt);#endif}

int convertAsn1ToString(ASN1_TIME *notAfter, char buffer[]) {	BIO *bio = BIO_new(BIO_s_mem());	ASN1_TIME_print(bio, notAfter);	BIO_gets(bio, buffer, BUFLEN);	BIO_free(bio);	return 0;}

/* Appends information about an issued certificate to the index file. */int add_to_index(X509 *cert){	FILE *fp = NULL;	BIO *bio = NULL;	X509_NAME *subject = X509_get_subject_name(cert);	long serial = ASN1_INTEGER_get(X509_get_serialNumber(cert));	fp = fopen(CA_PATH(caIni.indexFile), "a");	if (fp != NULL) {		bio = BIO_new_fp(fp, BIO_CLOSE);		/* Write serial */		BIO_printf(bio, "%ld/t", serial);		/* Write notBefore time */		ASN1_TIME_print(bio, X509_get_notBefore(cert));		BIO_printf(bio, "/t");		/* Write subject */		X509_NAME_print_ex(bio, subject, 0, 0);		BIO_printf(bio, "/n");		BIO_free(bio); /* Closes fp too */		return 1;	}	return 0;}

std::string genHumanReadableDateTime(ASN1_TIME* time) {  BIO* bio_stream = BIO_new(BIO_s_mem());  if (bio_stream == nullptr) {    return "";  }  // ANS1_TIME_print's format is: Mon DD HH:MM:SS YYYY GMT  // e.g. Jan 1 00:00:00 1970 GMT (always GMT)  auto buffer_size = 32;  char buffer[32] = {0};  if (!ASN1_TIME_print(bio_stream, time)) {    BIO_free(bio_stream);    return "";  }  // BIO_gets() returns amount of data successfully read or written  // (if the return value is positive) or that no data was successfully  // read or written if the result is 0 or -1.  if (BIO_gets(bio_stream, buffer, buffer_size) <= 0) {    BIO_free(bio_stream);    return "";  }  BIO_free(bio_stream);  return std::string(buffer);}

static	int_VerifyCallBack(	int		ok,	X509_STORE_CTX	*ctx){	char buf[256];	X509 *err_cert;	BIO	*bio_err;	char *ptr = NULL;	char printable[256] = {'/0'};	int length;	bio_err = BIO_new(BIO_s_mem());	err_cert = X509_STORE_CTX_get_current_cert(ctx);	X509_STORE_CTX_get_error(ctx);	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);	switch (ctx->error) {	  case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:	  case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);		SSL_Error(_d(" Unable to get issuer cert./n issuer= %s/n"), buf);		break;	  case X509_V_ERR_CERT_NOT_YET_VALID:	  case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:		SSL_Error(_d(" Error in cert not_before field./n notBefore="));		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));				length = BIO_get_mem_data(bio_err, &ptr);				memcpy(printable, ptr, length - 1);		SSL_Error("%s/n", printable);		break;	  case X509_V_ERR_CERT_HAS_EXPIRED:	  case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:		SSL_Error(_d(" Error in cert not_after field./n notAfter="));		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));				length = BIO_get_mem_data(bio_err, &ptr);				memcpy(printable, ptr, length - 1);		SSL_Error("%s/n", printable);		break;	}	BIO_free(bio_err);	return(ok);}

static int get_validity(str* res, int local, int bound, sip_msg_t* msg){#define NOT_BEFORE 0#define NOT_AFTER 1    static char buf[1024];    X509* cert;    struct tcp_connection* c;    BUF_MEM* p;    BIO* mem = 0;    ASN1_TIME* date;    if (get_cert(&cert, &c, msg, local) < 0) return -1;    switch (bound) {    case NOT_BEFORE:        date = X509_get_notBefore(cert);        break;    case NOT_AFTER:        date = X509_get_notAfter(cert);        break;    default:        BUG("Unexpected parameter value /"%d/"/n", bound);        goto err;    }    mem = BIO_new(BIO_s_mem());    if (!mem) {        ERR("Error while creating memory BIO/n");        goto err;    }    if (!ASN1_TIME_print(mem, date)) {        ERR("Error while printing certificate date/time/n");        goto err;    }    BIO_get_mem_ptr(mem, &p);    if (p->length >= 1024) {        ERR("Date/time too long/n");        goto err;    }    memcpy(buf, p->data, p->length);    res->s = buf;    res->len = p->length;    BIO_free(mem);    if (!local) X509_free(cert);    tcpconn_put(c);    return 0;err:    if (mem) BIO_free(mem);    if (!local) X509_free(cert);    tcpconn_put(c);    return -1;}

/** * Return a human readable time. */static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm){  char *tmp;  long size;  BIO *out = BIO_new(BIO_s_mem());  ASN1_TIME_print(out, tm);  size = BIO_get_mem_data(out, &tmp);  lua_pushlstring(L, tmp, size);  BIO_free(out);  return 1;}

int tlsops_validity(struct sip_msg *msg, pv_param_t *param,		pv_value_t *res){	static char buf[1024];	X509* cert;	struct tcp_connection* c;	BUF_MEM* p;	BIO* mem = 0;	ASN1_TIME* date;	int my = 0;	if (get_cert(&cert, &c, msg, my) < 0) return -1;	switch (param->pvn.u.isname.name.n) {	case CERT_NOTBEFORE: date = X509_get_notBefore(cert); break;	case CERT_NOTAFTER:  date = X509_get_notAfter(cert);  break;	default:		LM_CRIT("unexpected parameter value /"%d/"/n", param->pvn.u.isname.name.n);		goto err;	}	mem = BIO_new(BIO_s_mem());	if (!mem) {		LM_ERR("failed to create memory BIO/n");		goto err;	}	if (!ASN1_TIME_print(mem, date)) {		LM_ERR("failed to print certificate date/time/n");		goto err;	}		BIO_get_mem_ptr(mem, &p);	if (p->length >= 1024) {		LM_ERR("Date/time too long/n");		goto err;	}	memcpy(buf, p->data, p->length);	res->rs.s = buf;	res->rs.len = p->length;	res->flags = PV_VAL_STR ;	BIO_free(mem);	if (!my) X509_free(cert);	tcpconn_put(c);	return 0;err:	if (mem) BIO_free(mem);	if (!my) X509_free(cert);	tcpconn_put(c);	return pv_get_null(msg, param, res);}

/* Format an ASN1 time to a string. 'buf' must be at least of size * 'NE_SSL_VDATELEN'. */static void asn1time_to_string(ASN1_TIME *tm, char *buf){    BIO *bio;        strncpy(buf, _("[invalid date]"), NE_SSL_VDATELEN-1);        bio = BIO_new(BIO_s_mem());    if (bio) {	if (ASN1_TIME_print(bio, tm))	    BIO_read(bio, buf, NE_SSL_VDATELEN-1);	BIO_free(bio);    }}

std::string genHumanReadableDateTime(ASN1_TIME* time) {  BIO* bio_stream = nullptr;  OSX_OPENSSL(bio_stream = BIO_new(BIO_s_mem()));  if (bio_stream == nullptr) {    return "";  }  // ANS1_TIME_print's format is: Mon DD HH:MM:SS YYYY GMT  // e.g. Jan 1 00:00:00 1970 GMT (always GMT)  auto buffer_size = 32;  char buffer[32] = {0};  OSX_OPENSSL(if (!ASN1_TIME_print(bio_stream, time)) {    BIO_free(bio_stream);    return "";  });

char* SSLConnection::asn1time_to_string (ASN1_UTCTIME * tm) {  static char buf[64];  BIO *bio;  strfcpy (buf, _("[invalid date]"), sizeof (buf));  bio = BIO_new (BIO_s_mem ());  if (bio) {    if (ASN1_TIME_print (bio, tm))      (void) BIO_read (bio, buf, sizeof (buf));    BIO_free (bio);  }  return buf;}

Datum x509_get_not_after(PG_FUNCTION_ARGS) {	bytea *raw;	X509 *cert;	BIO *bio;	char buf[DATE_LEN];	int r;	// check for null value.	raw = PG_GETARG_BYTEA_P(0);	if (raw == NULL || VARSIZE(raw) == VARHDRSZ) {		PG_RETURN_NULL();	}	// read cert	cert = x509_from_bytea(raw);	if (cert == NULL) {		ereport(ERROR,				(errcode(ERRCODE_DATA_CORRUPTED), errmsg(						"unable to decode X509 record")));		PG_RETURN_NULL();	}	// extract 'not after' date	bio = BIO_new(BIO_s_mem());	if ((r = ASN1_TIME_print(bio, X509_get_notAfter(cert))) <= 0) {		X509_free(cert);		BIO_free(bio);		ereport(ERROR,				(errcode(ERRCODE_DATA_CORRUPTED), errmsg("unable to retrieve 'notAfter' timestamp")));		PG_RETURN_NULL();	}	// convert 'not before' date	if ((r = BIO_gets(bio, buf, DATE_LEN)) <= 0) {		X509_free(cert);		BIO_free(bio);		ereport(ERROR,				(errcode(ERRCODE_DATA_CORRUPTED), errmsg("unable to create ISO-8601 timestamp")));		PG_RETURN_NULL();	}	BIO_free(bio);	X509_free(cert);	// FIXME convert ISO-8601 timestamp	PG_RETURN_NULL();}

static voidASN1_TIME_snprintf (char *buf, int buf_len, ASN1_TIME * tm){	char *expires = NULL;	BIO *inMem = BIO_new (BIO_s_mem ());	ASN1_TIME_print (inMem, tm);	BIO_get_mem_data (inMem, &expires);	buf[0] = 0;	if (expires != NULL)	{		memset (buf, 0, buf_len);		strncpy (buf, expires, 24);	}	BIO_free (inMem);}

static voidASN1_TIME_snprintf (char *buf, int buf_len, ASN1_TIME * tm){	char *expires = NULL;	BIO *inMem = BIO_new (BIO_s_mem ());	ASN1_TIME_print (inMem, tm);	BIO_get_mem_data (inMem, &expires);	buf[0] = 0;	if (expires != NULL)	{		/* expires is not /0 terminated */		safe_strcpy (buf, expires, MIN(24, buf_len));	}	BIO_free (inMem);}

static void log_time(const int level, const char *txt, ASN1_TIME *t) {    char *cp;    BIO *bio;    int n;    if(!t)        return;    bio=BIO_new(BIO_s_mem());    ASN1_TIME_print(bio, t);    n=BIO_pending(bio);    cp=str_alloc(n+1);    n=BIO_read(bio, cp, n);    cp[n]='/0';    BIO_free(bio);    s_log(level, "%s: %s", txt, cp);    str_free(cp);}

/** * Convert ASN1_TIME object to PostgreSQL timestamp. */int asn1Time_to_timestamp(ASN1_TIME *asn1, Timestamp *dt) {    BIO *bio;    char buf[DATE_LEN];    struct tm tm;    struct pg_tm pgtm;    int r;    // extract 'not before' date    bio = BIO_new(BIO_s_mem());    if ((r = ASN1_TIME_print(bio, asn1)) <= 0) {        BIO_free(bio);        ereport(ERROR,                (errcode(ERRCODE_DATA_CORRUPTED), errmsg("unable to retrieve timestamp")));        return 1;    }    // convert 'not before' date    if ((r = BIO_gets(bio, buf, DATE_LEN)) <= 0) {        BIO_free(bio);        ereport(ERROR,                (errcode(ERRCODE_DATA_CORRUPTED), errmsg("unable to create ISO-8601 timestamp")));        return 1;    }    BIO_free(bio);    memset(&tm, 0, sizeof(struct tm));    strptime(buf, "%b %d %T %Y %z", &tm);        pgtm.tm_sec = tm.tm_sec;    pgtm.tm_min = tm.tm_min;    pgtm.tm_hour = tm.tm_hour;    pgtm.tm_mday= tm.tm_mday;    pgtm.tm_mon= tm.tm_mon + 1;    pgtm.tm_year = tm.tm_year + 1900;    pgtm.tm_wday= tm.tm_wday;    pgtm.tm_yday = tm.tm_yday;    pgtm.tm_isdst = tm.tm_isdst;    pgtm.tm_gmtoff = 0;    pgtm.tm_zone = "UTC";    tm2timestamp(&pgtm, 0, NULL, dt);        return 0;}

static int setenv_x509_date(ASN1_TIME *tm, const char *env){	BIO *bio_out=NULL;	BUF_MEM *bptr=NULL;	char tmpbuf[256]="";	if(!(bio_out=BIO_new(BIO_s_mem())))	{		log_out_of_memory(__func__);		return -1;	}	ASN1_TIME_print(bio_out, tm);	BIO_get_mem_ptr(bio_out, &bptr);	BIO_gets(bio_out, tmpbuf, sizeof(tmpbuf)-1);	BIO_free_all(bio_out);	sanitise(tmpbuf);	setenv(env, (char*)tmpbuf, 1);	return 0;}

static int check_certificate_expiry(struct openconnect_info *vpninfo){	ASN1_TIME *notAfter;	const char *reason = NULL;	time_t t;	int i;	if (!vpninfo->cert_x509)		return 0;	t = time(NULL);	notAfter = X509_get_notAfter(vpninfo->cert_x509);	i = X509_cmp_time(notAfter, &t);	if (!i) {		vpn_progress(vpninfo, PRG_ERR,			     _("Error in client cert notAfter field/n"));		return -EINVAL;	} else if (i < 0) {		reason = _("Client certificate has expired at");	} else {		t += vpninfo->cert_expire_warning;		i = X509_cmp_time(notAfter, &t);		if (i < 0)			reason = _("Client certificate expires soon at");	}	if (reason) {		BIO *bp = BIO_new(BIO_s_mem());		BUF_MEM *bm;		const char *expiry = _("<error>");		char zero = 0;		if (bp) {			ASN1_TIME_print(bp, notAfter);			BIO_write(bp, &zero, 1);			BIO_get_mem_ptr(bp, &bm);			expiry = bm->data;		}		vpn_progress(vpninfo, PRG_ERR, "%s: %s/n", reason, expiry);		if (bp)			BIO_free(bp);	}	return 0;}

//.........这里部分代码省略.........				z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);				BIO_printf(STDout,"unsigned char XXX_public_key[%d]={/n",z);				d=(unsigned char *)m;				for (y=0; y<z; y++)					{					BIO_printf(STDout,"0x%02X,",d[y]);					if ((y & 0x0f) == 0x0f)						BIO_printf(STDout,"/n");					}				if (y%16 != 0) BIO_printf(STDout,"/n");				BIO_printf(STDout,"};/n");				z=i2d_X509(x,&d);				BIO_printf(STDout,"unsigned char XXX_certificate[%d]={/n",z);				d=(unsigned char *)m;				for (y=0; y<z; y++)					{					BIO_printf(STDout,"0x%02X,",d[y]);					if ((y & 0x0f) == 0x0f)						BIO_printf(STDout,"/n");					}				if (y%16 != 0) BIO_printf(STDout,"/n");				BIO_printf(STDout,"};/n");				OPENSSL_free(m);				}			else if (text == i)				{				X509_print_ex(out,x,nmflag, certflag);				}			else if (startdate == i)				{				BIO_puts(STDout,"notBefore=");				ASN1_TIME_print(STDout,X509_get_notBefore(x));				BIO_puts(STDout,"/n");				}			else if (enddate == i)				{				BIO_puts(STDout,"notAfter=");				ASN1_TIME_print(STDout,X509_get_notAfter(x));				BIO_puts(STDout,"/n");				}			else if (fingerprint == i)				{				int j;				unsigned int n;				unsigned char md[EVP_MAX_MD_SIZE];				const EVP_MD *fdig = digest;				if (!fdig)					fdig = EVP_sha1();				if (!X509_digest(x,fdig,md,&n))					{					BIO_printf(bio_err,"out of memory/n");					goto end;					}				BIO_printf(STDout,"%s Fingerprint=",						OBJ_nid2sn(EVP_MD_type(fdig)));				for (j=0; j<(int)n; j++)					{					BIO_printf(STDout,"%02X%c",md[j],						(j+1 == (int)n)						?'/n':':');					}				}

int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,                  unsigned long cflag){    long l;    int ret = 0, i;    char *m = NULL, mlch = ' ';    int nmindent = 0;    X509_CINF *ci;    ASN1_INTEGER *bs;    EVP_PKEY *pkey = NULL;    const char *neg;    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {        mlch = '/n';        nmindent = 12;    }    if (nmflags == X509_FLAG_COMPAT)        nmindent = 16;    ci = x->cert_info;    if (!(cflag & X509_FLAG_NO_HEADER)) {        if (BIO_write(bp, "Certificate:/n", 13) <= 0)            goto err;        if (BIO_write(bp, "    Data:/n", 10) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_VERSION)) {        l = X509_get_version(x);        if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)/n", "", l + 1, l) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_SERIAL)) {        if (BIO_write(bp, "        Serial Number:", 22) <= 0)            goto err;        bs = X509_get_serialNumber(x);        if (bs->length < (int)sizeof(long)            || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) {            l = ASN1_INTEGER_get(bs);            if (bs->type == V_ASN1_NEG_INTEGER) {                l = -l;                neg = "-";            } else                neg = "";            if (BIO_printf(bp, " %s%lu (%s0x%lx)/n", neg, l, neg, l) <= 0)                goto err;        } else {            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";            if (BIO_printf(bp, "/n%12s%s", "", neg) <= 0)                goto err;            for (i = 0; i < bs->length; i++) {                if (BIO_printf(bp, "%02x%c", bs->data[i],                               ((i + 1 == bs->length) ? '/n' : ':')) <= 0)                    goto err;            }        }    }    if (!(cflag & X509_FLAG_NO_SIGNAME)) {        if (X509_signature_print(bp, ci->signature, NULL) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_ISSUER)) {        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)            goto err;        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)            < 0)            goto err;        if (BIO_write(bp, "/n", 1) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_VALIDITY)) {        if (BIO_write(bp, "        Validity/n", 17) <= 0)            goto err;        if (BIO_write(bp, "            Not Before: ", 24) <= 0)            goto err;        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))            goto err;        if (BIO_write(bp, "/n            Not After : ", 25) <= 0)            goto err;        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))            goto err;        if (BIO_write(bp, "/n", 1) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_SUBJECT)) {        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)            goto err;        if (X509_NAME_print_ex            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)            goto err;        if (BIO_write(bp, "/n", 1) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_PUBKEY)) {//.........这里部分代码省略.........

int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,                  unsigned long cflag){    long l;    int ret = 0, i;    char *m = NULL, mlch = ' ';    int nmindent = 0;    ASN1_INTEGER *bs;    EVP_PKEY *pkey = NULL;    const char *neg;    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {        mlch = '/n';        nmindent = 12;    }    if (nmflags == X509_FLAG_COMPAT)        nmindent = 16;    if (!(cflag & X509_FLAG_NO_HEADER)) {        if (BIO_write(bp, "Certificate:/n", 13) <= 0)            goto err;        if (BIO_write(bp, "    Data:/n", 10) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_VERSION)) {        l = X509_get_version(x);        if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)/n", "", l + 1, l) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_SERIAL)) {        if (BIO_write(bp, "        Serial Number:", 22) <= 0)            goto err;        bs = X509_get_serialNumber(x);        if (bs->length <= (int)sizeof(long)) {                ERR_set_mark();                l = ASN1_INTEGER_get(bs);                ERR_pop_to_mark();        } else {            l = -1;        }        if (l != -1) {            if (bs->type == V_ASN1_NEG_INTEGER) {                l = -l;                neg = "-";            } else                neg = "";            if (BIO_printf(bp, " %s%lu (%s0x%lx)/n", neg, l, neg, l) <= 0)                goto err;        } else {            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";            if (BIO_printf(bp, "/n%12s%s", "", neg) <= 0)                goto err;            for (i = 0; i < bs->length; i++) {                if (BIO_printf(bp, "%02x%c", bs->data[i],                               ((i + 1 == bs->length) ? '/n' : ':')) <= 0)                    goto err;            }        }    }    if (!(cflag & X509_FLAG_NO_SIGNAME)) {        X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);        if (X509_signature_print(bp, tsig_alg, NULL) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_ISSUER)) {        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)            goto err;        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)            < 0)            goto err;        if (BIO_write(bp, "/n", 1) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_VALIDITY)) {        if (BIO_write(bp, "        Validity/n", 17) <= 0)            goto err;        if (BIO_write(bp, "            Not Before: ", 24) <= 0)            goto err;        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))            goto err;        if (BIO_write(bp, "/n            Not After : ", 25) <= 0)            goto err;        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))            goto err;        if (BIO_write(bp, "/n", 1) <= 0)            goto err;    }    if (!(cflag & X509_FLAG_NO_SUBJECT)) {        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)            goto err;        if (X509_NAME_print_ex            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)            goto err;//.........这里部分代码省略.........