proxmox-mirrors/pve-common
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-common synced 2025-04-28 12:10:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

certificate: factor out obtaining the expiration timestamp

Browse Source 
This can be useful to have, e.g., when requiring different behaviors
the nearer an expiry gets.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2024-11-11 09:51:57 +01:00
parent 8915b9669c
commit 61073db2bc
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/PVE/Certificate.pm
View File

@ -316,11 +316,9 @@ sub get_certificate_info {
return $info;
};
# Checks whether certificate expires before $timestamp (UNIX epoch)
sub check_expiry {
my ($cert_path, $timestamp) = @_;
$timestamp //= time();
# Obtain the expiration timestamp of a X.509 certificate as a UNIX epoch.
sub get_expiration_as_epoch {
my ($cert_path) = @_;
my $cert = $read_certificate->($cert_path);
my $not_after = eval { convert_asn1_to_epoch(Net::SSLeay::X509_get_notAfter($cert)) };
@ -330,6 +328,17 @@ sub check_expiry {
die $err if $err;
return $not_after;
};
# Checks whether certificate expires before $timestamp (UNIX epoch)
sub check_expiry {
my ($cert_path, $timestamp) = @_;
$timestamp //= time();
my $not_after = get_expiration_as_epoch($cert_path);
return ($not_after < $timestamp) ? 1 : 0;
};