Change the interface of X509_CA::sign_request as follows:

- The allow_ca policy value is no longer checked. Callers should check if the request is for a CA cert and treat it accordingly; this makes it simpler to to case-by-case decisions (expecially among multiple threads) - Instead of a single time value, a u32bit representing the number of seconds from now the certificate should expire, the start and end times are passed explicitly as two X509_Time values.
author: lloyd <[email protected]> 2008-04-10 04:39:58 +0000
committer: lloyd <[email protected]> 2008-04-10 04:39:58 +0000
commit: fd717509a0547faa4384b351635a85f7315f2eaa (patch)
tree: 1abd16dc7dba49bd9b52f76e8351e5eac9f1a96e /include
parent: 4e9d101a1b18316fe14829a52c1e4df20208aa5d (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/include/x509_ca.h b/include/x509_ca.h
index 4a7cb22ca..3c2610d7f 100644
--- a/include/x509_ca.h
+++ b/include/x509_ca.h
@@ -1,6 +1,6 @@
 /*************************************************
 * X.509 Certificate Authority Header File        *
-* (C) 1999-2007 Jack Lloyd                       *
+* (C) 1999-2008 Jack Lloyd                       *
 *************************************************/
 
 #ifndef BOTAN_X509_CA_H__
@@ -21,7 +21,9 @@ namespace Botan {
 class X509_CA
    {
    public:
-      X509_Certificate sign_request(const PKCS10_Request&, u32bit = 0) const;
+      X509_Certificate sign_request(const PKCS10_Request& req,
+                                    const X509_Time& not_before,
+                                    const X509_Time& not_after);
 
       X509_Certificate ca_certificate() const;
author	lloyd <[email protected]>	2008-04-10 04:39:58 +0000
committer	lloyd <[email protected]>	2008-04-10 04:39:58 +0000
commit	fd717509a0547faa4384b351635a85f7315f2eaa (patch)
tree	1abd16dc7dba49bd9b52f76e8351e5eac9f1a96e /include
parent	4e9d101a1b18316fe14829a52c1e4df20208aa5d (diff)