[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 73/156: Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=104700
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:30 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit ecf3a7e8c544b351ed3923ff01806759e7abbb75
Author: rcritten <>
Date: Wed Aug 9 19:31:18 2006 +0000
Merge in changes from http://svn.apache.org/viewvc?view=rev&revision=104700
* nss_engine_vars.c (nss_var_lookup_ssl_cert_remain): New function.
(nss_var_lookup_nss_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.
* nss_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if +StdEnvVars is
configured.
---
nss_engine_kernel.c | 1 +
nss_engine_vars.c | 28 ++++++++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index 9443896..baa8c49 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -732,6 +732,7 @@ static const char *nss_hook_Fixup_vars[] = {
"SSL_CLIENT_M_SERIAL",
"SSL_CLIENT_V_START",
"SSL_CLIENT_V_END",
+ "SSL_CLIENT_V_REMAIN",
"SSL_CLIENT_S_DN",
"SSL_CLIENT_S_DN_C",
"SSL_CLIENT_S_DN_ST",
diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index 8002bb1..b41f412 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -32,6 +32,7 @@ static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var);
static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c);
static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var);
static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type);
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, CERTCertificate *xs);
static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var);
static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs);
static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c);
@@ -314,6 +315,10 @@ static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *v
else if (strcEQ(var, "V_END")) {
result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTAFTER);
}
+ else if (strcEQ(var, "V_REMAIN")) {
+ result = ssl_var_lookup_ssl_cert_remain(p, xs);
+ resdup = FALSE;
+ }
else if (strcEQ(var, "S_DN")) {
xsname = CERT_NameToAscii(&xs->subject);
result = apr_pstrdup(p, xsname);
@@ -441,6 +446,29 @@ static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, i
return result;
}
+/* Return a string giving the number of days remaining until the cert
+ * expires "0" if this can't be determined.
+ *
+ * In mod_ssl this is more generic, passing in a time to calculate against,
+ * but I see no point in converting the end date into a string and back again.
+ */
+static char *ssl_var_lookup_ssl_cert_remain(apr_pool_t *p, CERTCertificate *xs)
+{
+ PRTime notBefore, notAfter;
+ PRTime now, diff;
+
+ CERT_GetCertTimes(xs, ¬Before, ¬After);
+ now = PR_Now();
+
+ /* Both times are relative to the epoch, so no TZ calcs are needed */
+ diff = notAfter - now;
+
+ /* PRTime is in microseconds so convert to seconds before days */
+ diff = (diff / PR_USEC_PER_SEC) / (60*60*24);
+
+ return (diff > 0) ? apr_itoa(p, diff) : apr_pstrdup(p, "0");
+}
+
static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var)
{
char *result;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git
More information about the Pkg-fedora-ds-maintainers
mailing list