X509_cmp_time.3ossl - Man Page

X509 time functions


 int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm);
 int X509_cmp_current_time(const ASN1_TIME *asn1_time);
 int X509_cmp_timeframe(const X509_VERIFY_PARAM *vpm,
                        const ASN1_TIME *start, const ASN1_TIME *end);
 ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm);
 ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long
                             offset_sec, time_t *in_tm);


X509_cmp_time() compares the ASN1_TIME in asn1_time with the time in <in_tm>.

X509_cmp_current_time() compares the ASN1_TIME in asn1_time with the current time, expressed as time_t.

X509_cmp_timeframe() compares the given time period with the reference time included in the verification parameters vpm if they are not NULL and contain X509_V_FLAG_USE_CHECK_TIME; else the current time is used as reference time.

X509_time_adj_ex() sets the ASN1_TIME structure asn1_time to the time offset_day and offset_sec after in_tm.

X509_time_adj() sets the ASN1_TIME structure asn1_time to the time offset_sec after in_tm. This method can only handle second offsets up to the capacity of long, so the newer X509_time_adj_ex() API should be preferred.

In both methods, if asn1_time is NULL, a new ASN1_TIME structure is allocated and returned.

In all methods, if in_tm is NULL, the current time, expressed as time_t, is used.

asn1_time must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.


Unlike many standard comparison functions, X509_cmp_time() and X509_cmp_current_time() return 0 on error.

Return Values

X509_cmp_time() and X509_cmp_current_time() return -1 if asn1_time is earlier than, or equal to, in_tm (resp. current time), and 1 otherwise. These methods return 0 on error.

X509_cmp_timeframe() returns 0 if vpm is not NULL and the verification parameters do not contain X509_V_FLAG_USE_CHECK_TIME but do contain X509_V_FLAG_NO_CHECK_TIME. Otherwise it returns 1 if the end time is not NULL and the reference time (which has determined as stated above) is past the end time, -1 if the start time is not NULL and the reference time is before, else 0 to indicate that the reference time is in range (implying that the end time is not before the start time if both are present).

X509_time_adj() and X509_time_adj_ex() return a pointer to the updated ASN1_TIME structure, and NULL on error.


X509_cmp_timeframe() was added in OpenSSL 3.0.

Referenced By

The man pages X509_cmp_current_time.3ossl(3), X509_cmp_timeframe.3ossl(3), X509_time_adj.3ossl(3) and X509_time_adj_ex.3ossl(3) are aliases of X509_cmp_time.3ossl(3).

2022-09-12 3.0.5 OpenSSL