show validity of OCSP responses

1 files changed, 15 insertions, 2 deletions

diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index 5825df0b7..de822f49b 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -1027,9 +1027,10 @@ static void stroke_list_crls(linked_list_t *list, bool utc, FILE *out)
  */
 static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out)
 {
-	bool first = TRUE;
+	bool first = TRUE, ok;
 	enumerator_t *enumerator = list->create_enumerator(list);
 	certificate_t *cert;
+	time_t produced, usable, now = time(NULL);
 
 	while (enumerator->enumerate(enumerator, (void**)&cert))
 	{
@@ -1040,8 +1041,20 @@ static void stroke_list_ocsp(linked_list_t* list, bool utc, FILE *out)
 			fprintf(out, "\n");
 			first = FALSE;
 		}
-
 		fprintf(out, "  signer:   \"%Y\"\n", cert->get_issuer(cert));
+
+		/* check validity */
+		ok = cert->get_validity(cert, &now, &produced, &usable);
+		fprintf(out, "  validity:  produced at %T\n", &produced, utc);
+		fprintf(out, "             usable till %T, ", &usable, utc);
+		if (ok)
+		{
+			fprintf(out, "ok\n");
+		}
+		else
+		{
+			fprintf(out, "expired (%V ago)\n", &now, &usable);
+		}
 	}
 	enumerator->destroy(enumerator);
 }