From 96b1ef829cc51a901dd7b7225b9307b8628a4898 Mon Sep 17 00:00:00 2001
From: David Weinstein <dweinst@insitusec.com>
Date: Tue, 16 Aug 2016 22:39:30 -0400
Subject: [PATCH] Add `"x509_expiry"` feature flag

- fix return of `ASN1_TIME_print`
- assert on null `date`
---
 openssl-sys/src/lib.rs  | 2 +-
 openssl/Cargo.toml      | 1 +
 openssl/src/asn1/mod.rs | 2 +-
 openssl/src/c_helpers.c | 4 ++--
 openssl/src/x509/mod.rs | 4 ++++
 5 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 92be6183..ab29f55c 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -625,7 +625,7 @@ extern "C" {
     pub fn ASN1_INTEGER_set(dest: *mut ASN1_INTEGER, value: c_long) -> c_int;
     pub fn ASN1_STRING_type_new(ty: c_int) -> *mut ASN1_STRING;
     pub fn ASN1_TIME_free(tm: *mut ASN1_TIME);
-    pub fn ASN1_TIME_print(b: *mut BIO, tm: *const ASN1_TIME);
+    pub fn ASN1_TIME_print(b: *mut BIO, tm: *const ASN1_TIME) -> c_int;
 
     pub fn BIO_ctrl(b: *mut BIO, cmd: c_int, larg: c_long, parg: *mut c_void) -> c_long;
     pub fn BIO_free_all(b: *mut BIO);
diff --git a/openssl/Cargo.toml b/openssl/Cargo.toml
index d1d709a3..9c09aed6 100644
--- a/openssl/Cargo.toml
+++ b/openssl/Cargo.toml
@@ -30,6 +30,7 @@ hmac_clone = ["openssl-sys/hmac_clone"]
 c_helpers = ["gcc"]
 x509_clone = ["c_helpers"]
 x509_generator_request = ["c_helpers"]
+x509_expiry = ["c_helpers"]
 ssl_context_clone = ["c_helpers"]
 hmac = ["c_helpers"]
 dh_from_params = ["c_helpers"]
diff --git a/openssl/src/asn1/mod.rs b/openssl/src/asn1/mod.rs
index 4fb4c7cf..1eab9f04 100644
--- a/openssl/src/asn1/mod.rs
+++ b/openssl/src/asn1/mod.rs
@@ -58,7 +58,7 @@ impl<'a> fmt::Display for Asn1TimeRef<'a> {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         let mem_bio = try!(MemBio::new());
         let as_str = unsafe {
-            ffi::ASN1_TIME_print(mem_bio.as_ptr(), self.0);
+            try_ssl!(ffi::ASN1_TIME_print(mem_bio.as_ptr(), self.0));
             String::from_utf8_unchecked(mem_bio.get_buf().to_owned())
         };
         write!(f, "{}", as_str)
diff --git a/openssl/src/c_helpers.c b/openssl/src/c_helpers.c
index 08b5b6d3..6e6a5021 100644
--- a/openssl/src/c_helpers.c
+++ b/openssl/src/c_helpers.c
@@ -15,11 +15,11 @@ STACK_OF(X509_EXTENSION) *rust_0_8_X509_get_extensions(X509 *x) {
     return x->cert_info ? x->cert_info->extensions : NULL;
 }
 
-ASN1_TIME* rust_0_8_X509_get_notAfter_shim(X509 *x) {
+ASN1_TIME* rust_0_8_X509_get_notAfter(X509 *x) {
   return X509_get_notAfter(x);
 }
 
-ASN1_TIME* rust_0_8_X509_get_notBefore_shim(X509 *x) {
+ASN1_TIME* rust_0_8_X509_get_notBefore(X509 *x) {
   return X509_get_notBefore(x);
 }
 
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs
index dc649f18..bb5743e9 100644
--- a/openssl/src/x509/mod.rs
+++ b/openssl/src/x509/mod.rs
@@ -434,17 +434,21 @@ impl<'a> X509Ref<'a> {
     }
 
     /// Returns Issuer validity notAfter
+    #[cfg(feature = "x509_expiry")]
     pub fn not_after(&self) -> Asn1TimeRef {
         unsafe {
             let date = ::c_helpers::rust_0_8_X509_get_notAfter(self.0);
+            assert!(!date.is_null());
             Asn1TimeRef::from_ptr(date)
         }
     }
 
     /// Returns Issuer validity notBefore
+    #[cfg(feature = "x509_expiry")]
     pub fn not_before(&self) -> Asn1TimeRef {
         unsafe {
             let date = ::c_helpers::rust_0_8_X509_get_notBefore(self.0);
+            assert!(!date.is_null());
             Asn1TimeRef::from_ptr(date)
         }
     }