-dateopt option only affects x509 -dates option output #18557

hholzgra · 2022-06-14T10:31:40Z

Version: 3.0.2 on Ubuntu 22.04LTS

After having fixed issue #18553 to make -dateopt iso_8601 actually work I found that this only seems to change the date format for openssl x509 -dates, but not for other output.

E.g. this produces ISO-8601 output as expected:

$ openssl x509 -noout -dates -dateopt iso_8601 -in test/certs/ca-cert.pem 
notBefore=2020-12-12 20:16:50Z
notAfter=2120-12-13 20:16:50Z

But this still produces RFC-822 output instead

$ /usr/local/bin/openssl x509 -noout -text -dateopt iso_8601 -in test/certs/ca-cert.pem | egrep '(Before|After)'
            Not Before: Dec 12 20:16:50 2020 GMT
            Not After : Dec 13 20:16:50 2120 GMT

Similar for openssl crl, the -dateopt format is used for -lastupdate and -nextupdate output, but not when requesting general -text:

$ openssl crl -in test/testcrl.pem -noout -dateopt iso_8601 -lastupdate
lastUpdate=1995-05-02 02:12:26Z

$ openssl crl -in test/testcrl.pem -noout -dateopt iso_8601 -text | grep -i last
        Last Update: May  2 02:12:26 1995 GMT

And while the openssl-ca manual page also mentions the -dateopt option, and set_dateopt() being called in apps/ca.c, I'm not even sure how to have that command produce output with human readable datetime information in it at all ...

The text was updated successfully, but these errors were encountered:

t8m · 2022-06-14T10:42:26Z

IMO this is a documentation issue.

hholzgra · 2022-06-14T11:15:55Z

In that case I'll probably create a follow up feature request to also allow for requesting ISO format output from -text ... ;)

paulidale · 2022-06-16T04:26:13Z

I'm more tempted to call this a bug. I requested a date format and it wasn't honoured.

t8m · 2022-06-16T13:19:50Z

IMO as that would clearly require implementing an X509_print_ex2 function I can hardly see this as a bug. It is clear the intention of the implementation was to affect the date output other than in the certificate text dump.

Joachim-Otahal · 2024-01-22T15:44:39Z

Thank you for reporting that issue! I was searching a lot how to get iso_8601 (-like) output of -nextupdate from a .CRL .CRT etc for monitoring purposes (PRTG for example). Nothing was found, even in the documentation, and I was a but surprised by that. But here, finally a working example command line which can be universally parsed, in all languages no matter which OS.
Though, as using 3.2 today, iso_8601 and -text still don't combine, so I subscribe and hope!

hholzgra added the issue: bug report The issue was opened to report a bug label Jun 14, 2022

t8m added branch: master Merge to master branch triaged: documentation The issue/pr deals with documentation (errors) branch: 3.0 Merge to openssl-3.0 branch and removed issue: bug report The issue was opened to report a bug labels Jun 14, 2022

t8m added branch: 3.1 Merge to openssl-3.1 branch: 3.2 Merge to openssl-3.2 labels Oct 26, 2023

nhorman added the help wanted label Jun 8, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

-dateopt option only affects x509 -dates option output #18557

-dateopt option only affects x509 -dates option output #18557

hholzgra commented Jun 14, 2022

t8m commented Jun 14, 2022

hholzgra commented Jun 14, 2022

paulidale commented Jun 16, 2022

t8m commented Jun 16, 2022

Joachim-Otahal commented Jan 22, 2024

-dateopt option only affects x509 -dates option output #18557

-dateopt option only affects x509 -dates option output #18557

Comments

hholzgra commented Jun 14, 2022

t8m commented Jun 14, 2022

hholzgra commented Jun 14, 2022

paulidale commented Jun 16, 2022

t8m commented Jun 16, 2022

Joachim-Otahal commented Jan 22, 2024