[Fedora-directory-commits] mod_nss nss_engine_vars.c, 1.7, 1.8 nss_engine_kernel.c, 1.6, 1.7

Robert Crittenden (rcritten) fedora-directory-commits at redhat.com
Wed Aug 9 19:31:20 UTC 2006


Author: rcritten

Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29576

Modified Files:
	nss_engine_vars.c nss_engine_kernel.c 
Log Message:
Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=104700

* nss_engine_vars.c (nss_var_lookup_ssl_cert_remain): New function.
  (nss_var_lookup_nss_cert): Support _V_REMAIN suffix for
  SSL_{SERVER,CLIENT} as number of days until certificate expires.

* nss_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if +StdEnvVars is
  configured.



Index: nss_engine_vars.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_vars.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- nss_engine_vars.c	3 Aug 2006 13:29:05 -0000	1.7
+++ nss_engine_vars.c	9 Aug 2006 19:31:18 -0000	1.8
@@ -32,6 +32,7 @@
 static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c);
 static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var);
 static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type);
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, CERTCertificate *xs);
 static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var);
 static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs);
 static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c);
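Review bot: The new helper is declared as `ssl_var_lookup_ssl_cert_remain`, while every neighbouring prototype here uses the `nss_var_lookup_nss_cert_*` prefix and the log message calls it `nss_var_lookup_ssl_cert_remain`. Renaming it to follow the file's convention, e.g. `static char *nss_var_lookup_nss_cert_remain(apr_pool_t *p, CERTCertificate *xs);`, keeps the code, the changelog and grep results consistent. The same name is used at the V_REMAIN call site and in the definition in the two later hunks of this file, so they would change with it.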
@@ -314,6 +315,10 @@
     else if (strcEQ(var, "V_END")) {
         result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTAFTER);
     }
+    else if (strcEQ(var, "V_REMAIN")) {
+        result = ssl_var_lookup_ssl_cert_remain(p, xs);
+        resdup = FALSE;
+    }
     else if (strcEQ(var, "S_DN")) {
         xsname = CERT_NameToAscii(&xs->subject);
         result = apr_pstrdup(p, xsname);
@@ -441,6 +446,29 @@
     return result;
 }
 
+/* Return a string giving the number of days remaining until the cert
+ * expires "0" if this can't be determined. 
+ *
+ * In mod_ssl this is more generic, passing in a time to calculate against,
+ * but I see no point in converting the end date into a string and back again.
+ */
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, CERTCertificate *xs)
+{
+    PRTime           notBefore, notAfter;
+    PRTime           now, diff;
+
+    CERT_GetCertTimes(xs, &notBefore, &notAfter);
+    now = PR_Now();
+
+    /* Both times are relative to the epoch, so no TZ calcs are needed */
+    diff = notAfter - now;
+
+    /* PRTime is in microseconds so convert to seconds before days */
+    diff = (diff / PR_USEC_PER_SEC) / (60*60*24);
+
+    return (diff > 0) ? apr_itoa(p, diff) : apr_pstrdup(p, "0");
+}
+
 static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var)
 {
     char *result;
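Review bot: The return value of `CERT_GetCertTimes(xs, &notBefore, &notAfter)` is ignored in the new function, so if the validity period cannot be decoded `notAfter` is read uninitialized and an arbitrary day count can be reported instead of the "0" the header comment promises. Guard the call: `if (CERT_GetCertTimes(xs, &notBefore, &notAfter) != SECSuccess) return apr_pstrdup(p, "0");`. `diff` is a 64-bit PRTime passed to `apr_itoa`, which takes an int; the day count should fit, but an explicit `(int)` cast would make the narrowing deliberate. The comment should also say that "0" covers an expired certificate, an undeterminable one and one with less than a day left, since a configuration testing SSL_CLIENT_V_REMAIN cannot tell these apart.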


Index: nss_engine_kernel.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_kernel.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- nss_engine_kernel.c	9 Aug 2006 19:17:56 -0000	1.6
+++ nss_engine_kernel.c	9 Aug 2006 19:31:18 -0000	1.7
@@ -732,6 +732,7 @@
     "SSL_CLIENT_M_SERIAL",
     "SSL_CLIENT_V_START",
     "SSL_CLIENT_V_END",
+    "SSL_CLIENT_V_REMAIN",
     "SSL_CLIENT_S_DN",
     "SSL_CLIENT_S_DN_C",
     "SSL_CLIENT_S_DN_ST",



