show validity of OCSP responses
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 10 Sep 2010 20:14:12 +0000 (22:14 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 10 Sep 2010 20:26:03 +0000 (22:26 +0200)
src/libcharon/plugins/stroke/stroke_list.c

index 5825df0..de822f4 100644 (file)
@@ -1027,9 +1027,10 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
  */
 static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out)
 {
-       bool first = TRUE;
+       bool first = TRUE, ok;
        enumerator_t *enumerator = list->create_enumerator(list);
        certificate_t *cert;
+       time_t produced, usable, now = time(NULL);
 
        while (enumerator->enumerate(enumerator, (void**)&cert))
        {
@@ -1040,8 +1041,20 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out)
                        fprintf(out, "\n");
                        first = FALSE;
                }
-
                fprintf(out, "  signer:   \"%Y\"\n", cert->get_issuer(cert));
+
+               /* check validity */
+               ok = cert->get_validity(cert, &now, &produced, &usable);
+               fprintf(out, "  validity:  produced at %T\n", &produced, utc);
+               fprintf(out, "             usable till %T, ", &usable, utc);
+               if (ok)
+               {
+                       fprintf(out, "ok\n");
+               }
+               else
+               {
+                       fprintf(out, "expired (%V ago)\n", &now, &usable);
+               }
        }
        enumerator->destroy(enumerator);
 }
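Review bot: The `else` branch in the OCSP loop prints `expired (%V ago)` whenever `get_validity()` returns false, but the call is handed both bounds, so it presumably also fails when `now` is earlier than `produced`. In that case a response dated in the future would be listed as expired, with an interval that means nothing. A not-yet-valid OCSP response is a separate condition that an operator needs to see, since it points to clock skew or a pre-dated response. I would add a branch before the `else`: `else if (now < produced)` with `fprintf(out, "not valid yet (valid in %V)\n", &now, &produced);`. The declarations this relies on are in the previous hunk.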