From 7cabe3475ecfd2a6338680ab469f27e6a700a31f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sun, 31 Dec 2006 01:08:56 +0000
Subject: [PATCH] allow setting notBefore and notAfter.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19603 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/ca.c | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c
index cba5e7ba5..edf252a6f 100644
--- a/lib/hx509/ca.c
+++ b/lib/hx509/ca.c
@@ -85,6 +85,32 @@ hx509_ca_tbs_free(hx509_ca_tbs *tbs)
 *tbs = NULL;
 }
 
+int
+hx509_ca_tbs_set_notBefore(hx509_context context,
+ hx509_ca_tbs tbs,
+ time_t t)
+{
+ tbs->notBefore = t;
+ return 0;
+}
+
+int
+hx509_ca_tbs_set_notAfter(hx509_context context,
+ hx509_ca_tbs tbs,
+ time_t t)
+{
+ tbs->notAfter = t;
+ return 0;
+}
+
+int
+hx509_ca_tbs_set_notAfter_lifetime(hx509_context context,
+ hx509_ca_tbs tbs,
+ time_t delta)
+{
+ return hx509_ca_tbs_set_notAfter(context, tbs, time(NULL) + delta);
+}
+
 int
 hx509_ca_tbs_set_ca(hx509_context context,
 hx509_ca_tbs tbs,
@@ -380,13 +406,14 @@ ca_sign(hx509_context context,
 memset(&c, 0, sizeof(c));
 
 /*
- * Default values are, valid since 24h ago, valid one year into
- * the future.
+ * Default values are: Valid since 24h ago, valid one year into
+ * the future, KeyUsage digitalSignature and keyEncipherment set,
+ * and keyCertSign for CA certificates.
 */
 notBefore = tbs->notBefore;
 if (notBefore == 0)
 notBefore = time(NULL) - 3600 * 24;
- notAfter = tbs->notBefore;
+ notAfter = tbs->notAfter;
 if (notAfter == 0)
 notAfter = time(NULL) + 3600 * 24 * 365;
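Review bot: `hx509_ca_tbs_set_notAfter_lifetime` computes `time(NULL) + delta` with no check on `delta` or on the sum, so a zero or negative `delta` stores an expiry that is already in the past, and a very large one can overflow `time_t` where that type is a signed integer. Certificate lifetime is a policy input on the CA side, so I would reject it before storing, e.g. `if (delta <= 0) return EINVAL;` together with an upper bound checked before the addition (assuming errno-style returns fit this file's convention). The two plain setters store any value unconditionally and never use `context`. Because `ca_sign` treats 0 as "not set" (second hunk), an explicit 0 silently falls back to the default validity; a short doc comment on each setter should state that.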
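Review bot: In the `ca_sign` hunk, nothing visible checks that `notBefore` is earlier than `notAfter` once the defaults have been applied. Now that both bounds can be set independently, a `tbs` with inverted values, or with only `notBefore` set more than a year ahead, would be signed with an empty validity window. A guard right after the two defaults, such as `if (notBefore >= notAfter)` followed by an error return through ca_sign's own cleanup path, would make that fail at issuance rather than at verification. `ca_sign` continues outside the hunk, so such a check may already exist further down. Minor: `time(NULL)` is evaluated twice; reading it once into a local would keep both defaults relative to the same instant.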