voltone / x509

Elixir package for working with X.509 certificates, Certificate Signing Requests (CSRs), Certificate Revocation Lists (CRLs) and RSA/ECC key pairs
BSD 3-Clause "New" or "Revised" License

Function to return DateTime from a utcTime #34

Open tanguilp opened 4 years ago

tanguilp commented 4 years ago

X509 utcTime (and probably other date formats) is not trivial to parse into Elixir's standard DateTime. For instance, if YY is > 50 then it's 19xx, otherwise 20xx.

It might prove useful to implement helper functions to deal with parsing dates of a :Validity record.

voltone commented 4 years ago

True, the existing functions around Validity are primarily about creating validity records.

I am working on a major rewrite, where much of the core functionality is handled by Erlang modules, and the Elixir modules are mostly about interworking with Elixir native data types. Validity would be one area where I imagine I'll end up with a rich Elixir interface.

voltone commented 4 years ago

Actually, there is already an undocumented X509.DateTime.to_datetime/1:

iex(3)> {:Validity, not_before, not_after} = X509.Certificate.validity(cert)
{:Validity, {:utcTime, '181001172413Z'}, {:utcTime, '191130233419Z'}}
iex(4)> X509.DateTime.to_datetime(not_before)
~U[2018-10-01 17:24:13Z]
iex(5)> DateTime.compare(DateTime.utc_now(), X509.DateTime.to_datetime(not_after))
:gt

Don't tell anyone 🤫

tanguilp commented 4 years ago

Actually it's not conforming with the specification: https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1

Not sure if people were doing X509 in the 60s though :)

voltone commented 4 years ago

I might fix that in the rewrite. Right now Validity encoding, which is a public API, works correctly for dates from 1950 forward. Decoding only works starting from 2000, which is probably why I didn't make it public.
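Added example, not part of the thread and not the x509 package's code: a decoder for both `Time` forms of a `:Validity` record that applies the RFC 5280 section 4.1.2.5.1 century rule linked above (YY >= 50 is 19YY, YY < 50 is 20YY) and rejects malformed values instead of guessing, since a misread century makes any expiry comparison wrong. The module name `ValidityTimeExample` and the `:invalid_time` error atom are assumptions made for the example; `:generalTime` is the tag Erlang's public_key uses for GeneralizedTime.

```elixir
defmodule ValidityTimeExample do
  # Hypothetical module for illustration; not part of the x509 package.
  # Input is the Time tuple as shown in the thread's iex session.

  # UTCTime is YYMMDDHHMMSSZ, GeneralizedTime is YYYYMMDDHHMMSSZ.
  def to_datetime({:utcTime, t}) when is_list(t) or is_binary(t), do: parse(to_string(t), 2)
  def to_datetime({:generalTime, t}) when is_list(t) or is_binary(t), do: parse(to_string(t), 4)
  def to_datetime(_other), do: {:error, :invalid_time}

  defp parse(str, year_len) do
    {year, rest} = String.split_at(str, year_len)

    with {:ok, [y]} <- digits([year]) do
      build(full_year(y, year_len), rest)
    else
      _ -> {:error, :invalid_time}
    end
  end

  # RFC 5280, section 4.1.2.5.1: YY >= 50 is read as 19YY, YY < 50 as 20YY.
  defp full_year(yy, 2) when yy >= 50, do: 1900 + yy
  defp full_year(yy, 2), do: 2000 + yy
  defp full_year(yyyy, 4), do: yyyy

  # `rest` must be MMDDHHMMSS plus a literal "Z"; offsets and missing seconds are rejected.
  defp build(year, <<mo::binary-size(2), d::binary-size(2), h::binary-size(2),
                     mi::binary-size(2), s::binary-size(2), "Z">>) do
    with {:ok, [mo, d, h, mi, s]} <- digits([mo, d, h, mi, s]),
         {:ok, naive} <- NaiveDateTime.new(year, mo, d, h, mi, s) do
      DateTime.from_naive(naive, "Etc/UTC")
    else
      _ -> {:error, :invalid_time}
    end
  end

  defp build(_year, _rest), do: {:error, :invalid_time}

  defp digits(fields) do
    if Enum.all?(fields, &String.match?(&1, ~r/\A[0-9]+\z/)),
      do: {:ok, Enum.map(fields, &String.to_integer/1)},
      else: :error
  end
end

# Constructed inputs, plus the notBefore value shown in the thread.
for t <- [{:utcTime, ~c"181001172413Z"}, {:utcTime, ~c"500101000000Z"},
          {:utcTime, ~c"491231235959Z"}, {:utcTime, ~c"1810011724Z"}],
    do: IO.inspect({t, ValidityTimeExample.to_datetime(t)})
```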

voltone commented 4 years ago

(Oops, again that annoying GH keyboard shortcut)