doc: Add documentation for X509_STORE_CTX_set_time#29899
Closed
kovan wants to merge 3 commits into
Closed
Conversation
Document the X509_STORE_CTX_set_time() function which sets the verification time for certificate chain validation. This is a convenience wrapper around X509_VERIFY_PARAM_set_time(). Remove X509_STORE_CTX_set_time from missingcrypto.txt and missingcrypto111.txt. Fixes openssl#21362 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
kovan
force-pushed
the
fix/doc-x509-store-ctx-set-time
branch
from
73a5315 to
eafeefe
Compare
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
n13l
approved these changes
Mar 26, 2026
Contributor
n13l
left a comment
n13l
left a comment
There was a problem hiding this comment.
Looks good, thanks. I think it deserves another review.
openssl-machine
added
the
approval: review pending
esyr
requested changes
Mar 26, 2026
| By default, the current system time is used for certificate verification. | ||
| Setting a specific time is useful for testing or when verifying historical | ||
| certificates. | ||
| The I<flags> parameter is currently ignored and should be set to 0. |
Member
There was a problem hiding this comment.
Ugh, the 0 check is not enforced, and the parameter ultimately cannot be used in future anyway, so the sentence can be shortened as The I<flags> parameter is ignored..
| X509_STORE_CTX_set_cert(), | ||
| X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return | ||
| values. | ||
| X509_STORE_CTX_set0_crls(), X509_STORE_CTX_set0_param() and |
| purpose is I<X509_TRUST_DEFAULT> and I<trust> is 0 then the default trust id | ||
| associated with the I<def_purpose> value is used for the trust setting instead. | ||
|
|
||
| X509_STORE_CTX_set_time() sets the verification time in I<ctx> to I<t>. |
Member
There was a problem hiding this comment.
Ugh, both it and X509_VERIFY_PARAM_set_time(3) should specify what t is, which is POSIX time (seconds since 1970-01-01T00:00:00Z, excluding leap seconds), and likely reference OPENSSL_tm_to_posix(3).
esyr
added
triaged: documentation
Contributor
Author
|
Thanks for the review @esyr. Pushed a fixup addressing all three points:
|
esyr
approved these changes
Mar 26, 2026
Comment on lines
+282
to
+283
| which is a POSIX time value representing seconds since 1970-01-01T00:00:00Z | ||
| (see L<OPENSSL_tm_to_posix(3)>). |
Member
There was a problem hiding this comment.
The wording is a bit clunky, after all, but the idea is clear now (hopefully).
Collaborator
|
This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago |
npajkovsky
approved these changes
Apr 27, 2026
openssl-machine
added
approval: done
Collaborator
|
This pull request is ready to merge |
Contributor
|
Merged to master. Thank you! |
openssl-machine
pushed a commit
that referenced
this pull request
May 3, 2026
Document the X509_STORE_CTX_set_time() function which sets the verification time for certificate chain validation. This is a convenience wrapper around X509_VERIFY_PARAM_set_time(). Remove X509_STORE_CTX_set_time from missingcrypto.txt and missingcrypto111.txt. Fixes #21362 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> MergeDate: Sun May 3 15:38:26 2026 (Merged from #29899)
jericson
pushed a commit
to jericson/openssl
that referenced
this pull request
May 9, 2026
Document the X509_STORE_CTX_set_time() function which sets the verification time for certificate chain validation. This is a convenience wrapper around X509_VERIFY_PARAM_set_time(). Remove X509_STORE_CTX_set_time from missingcrypto.txt and missingcrypto111.txt. Fixes openssl#21362 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org> Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org> MergeDate: Sun May 3 15:38:26 2026 (Merged from openssl#29899)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #21362
Test plan
🤖 Generated with Claude Code