[pbs-devel] [PATCH v2 backup 05/27] CertInfo: add not_{after, before}_unix

Dietmar Maurer dietmar at proxmox.com
Thu Apr 29 10:33:06 CEST 2021


On 4/29/21 9:14 AM, Wolfgang Bumiller wrote:
> On Thu, Apr 29, 2021 at 09:08:03AM +0200, Dietmar Maurer wrote:
>> On 4/29/21 9:01 AM, Wolfgang Bumiller wrote:
>>> On Thu, Apr 29, 2021 at 08:13:19AM +0200, Dietmar Maurer wrote:
>>>> Seems I can do it without foreign-types:
>>>>
>>>> fn asn1_time_to_unix(time: &openssl::asn1::Asn1TimeRef) -> Result<i64, Error> {
>>>>       let epoch0 = openssl::asn1::Asn1Time::from_unix(0)?;
>>>>       let diff = epoch0.diff(time)?;
>>>>       let seconds = (diff.days as i64) * 24*60*60 + (diff.secs as i64);
>>>>       Ok(seconds)
>>>> }
>>>>
>>>> Any objections?
>>> Yes, for 2 reasons:
>>> * openssl does provide the functionality and the dependency is already
>>>     in our tree because openssl pulls it in
>>> * 1100 days in already covers 3 leap seconds and I don't want to worry
>>>     about whether `diff.days` takes that into account, the best time math
>>>     is no time math at all
>> Agreed, but your code is unsafe and hard to read. IMHO that whole
>> foreign_type thing is hard to understand. And Unix Epoch does not care about
>> leap seconds, so why should we?
> Because the diff method doesn't give you a unix epoch, it gives you a
> number of days without context which originally comes from calendar
> dates, and this way days aren't well-enough defined for my taste.

Besides, it seems we do not need those methods at all if we return the
time as String in the API.

Returning time as String is better anyway, because it shows what's
encoded inside the cert.

For example, on my host:

# openssl x509 -in /etc/proxmox-backup/proxy.pem -noout -text|grep After
             Not After : Sep  2 13:45:56 3019 GMT

If I convert it to epoch and print that, I get:

3019-09-02T15:45:56+02:00

We lose the original time zone info, so this is not optimal.
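
Added example, not part of the original message or of the proxmox-backup code: a std-only Rust sketch that turns the `Not After` text printed by `openssl x509 -text` into POSIX seconds, where every calendar day counts as exactly 86400 seconds. The function names are hypothetical and the input strings are constructed from the date shown above.

```rust
// Added illustration; names are hypothetical, not from proxmox-backup or the openssl crate.
// Input is the text form printed by `openssl x509 -text`, e.g. "Sep  2 13:45:56 3019 GMT".

/// Days between 1970-01-01 and a proleptic Gregorian date (civil-calendar arithmetic).
fn days_from_civil(year: i64, month: i64, day: i64) -> i64 {
    let y = if month <= 2 { year - 1 } else { year }; // year starts in March
    let era = y.div_euclid(400);
    let yoe = y.rem_euclid(400); // year of era, 0..=399
    let mp = if month > 2 { month - 3 } else { month + 9 }; // March = 0
    let doy = (153 * mp + 2) / 5 + day - 1; // day of (March-based) year
    let doe = yoe * 365 + yoe / 4 - yoe / 100 + doy; // day of era
    era * 146_097 + doe - 719_468
}

/// Parse "Mon D HH:MM:SS YYYY GMT" into POSIX seconds; None on malformed input.
fn openssl_text_time_to_unix(text: &str) -> Option<i64> {
    const MONTHS: [&str; 12] = [
        "Jan", "Feb", "Mar", "Apr", "May", "Jun",
        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
    ];
    let f: Vec<&str> = text.split_whitespace().collect();
    if f.len() != 5 || f[4] != "GMT" {
        return None;
    }
    let month = MONTHS.iter().position(|m| *m == f[0])? as i64 + 1;
    let day = f[1].parse::<i64>().ok()?;
    let year = f[3].parse::<i64>().ok()?;
    let hms: Vec<i64> = f[2]
        .split(':')
        .map(|p| p.parse::<i64>().ok())
        .collect::<Option<_>>()?;
    if hms.len() != 3 || !(1..=31).contains(&day) {
        return None;
    }
    if !(0..24).contains(&hms[0]) || !(0..60).contains(&hms[1]) || !(0..60).contains(&hms[2]) {
        return None;
    }
    // POSIX time has no leap seconds: each day contributes exactly 86400 s.
    Some(days_from_civil(year, month, day) * 86_400 + hms[0] * 3600 + hms[1] * 60 + hms[2])
}

fn main() {
    let text = "Sep  2 13:45:56 3019 GMT"; // constructed from the output quoted above
    let secs = openssl_text_time_to_unix(text).expect("valid time");
    println!("{} -> {} (exceeds i32: {})", text, secs, secs > i32::MAX as i64);
}
```

The year-3019 value does not fit in a 32-bit `time_t`, which is why the sketch uses `i64` throughout.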







