update docs and and changelog for #612 (#639)
* update docs and and changelog for #612
* update changelog
* more detail
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 62335a8..5bd844c 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -15,6 +15,11 @@
- Removed the deprecated ``OpenSSL.rand.egd`` function.
Applications should prefer ``os.urandom()`` for random number generation.
`#630 <https://github.com/pyca/pyopenssl/pull/630>`_
+- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore``,
+ ``X509.set_notAfter``, ``Revoked.set_rev_date``, ``Revoked.set_nextUpdate``,
+ and ``Revoked.set_lastUpdate``. You must now pass times in the form
+ ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
+ will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
Deprecations:
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 3404172..ae05ede 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1235,11 +1235,9 @@
"""
Get the timestamp at which the certificate starts being valid.
- The timestamp is formatted as an ASN.1 GENERALIZEDTIME::
+ The timestamp is formatted as an ASN.1 TIME::
YYYYMMDDhhmmssZ
- YYYYMMDDhhmmss+hhmm
- YYYYMMDDhhmmss-hhmm
:return: A timestamp string, or ``None`` if there is none.
:rtype: bytes or NoneType
@@ -1253,11 +1251,9 @@
"""
Set the timestamp at which the certificate starts being valid.
- The timestamp is formatted as an ASN.1 GENERALIZEDTIME::
+ The timestamp is formatted as an ASN.1 TIME::
YYYYMMDDhhmmssZ
- YYYYMMDDhhmmss+hhmm
- YYYYMMDDhhmmss-hhmm
:param bytes when: A timestamp string.
:return: ``None``
@@ -1268,11 +1264,9 @@
"""
Get the timestamp at which the certificate stops being valid.
- The timestamp is formatted as an ASN.1 GENERALIZEDTIME::
+ The timestamp is formatted as an ASN.1 TIME::
YYYYMMDDhhmmssZ
- YYYYMMDDhhmmss+hhmm
- YYYYMMDDhhmmss-hhmm
:return: A timestamp string, or ``None`` if there is none.
:rtype: bytes or NoneType
@@ -1283,11 +1277,9 @@
"""
Set the timestamp at which the certificate stops being valid.
- The timestamp is formatted as an ASN.1 GENERALIZEDTIME::
+ The timestamp is formatted as an ASN.1 TIME::
YYYYMMDDhhmmssZ
- YYYYMMDDhhmmss+hhmm
- YYYYMMDDhhmmss-hhmm
:param bytes when: A timestamp string.
:return: ``None``
@@ -1943,7 +1935,7 @@
Set the revocation timestamp.
:param bytes when: The timestamp of the revocation,
- as ASN.1 GENERALIZEDTIME.
+ as ASN.1 TIME.
:return: ``None``
"""
dt = _lib.X509_REVOKED_get0_revocationDate(self._revoked)
@@ -1953,7 +1945,7 @@
"""
Get the revocation timestamp.
- :return: The timestamp of the revocation, as ASN.1 GENERALIZEDTIME.
+ :return: The timestamp of the revocation, as ASN.1 TIME.
:rtype: bytes
"""
dt = _lib.X509_REVOKED_get0_revocationDate(self._revoked)
@@ -2040,11 +2032,9 @@
"""
Set when the CRL was last updated.
- The timestamp is formatted as an ASN.1 GENERALIZEDTIME::
+ The timestamp is formatted as an ASN.1 TIME::
YYYYMMDDhhmmssZ
- YYYYMMDDhhmmss+hhmm
- YYYYMMDDhhmmss-hhmm
.. versionadded:: 16.1.0
@@ -2057,11 +2047,9 @@
"""
Set when the CRL will next be udpated.
- The timestamp is formatted as an ASN.1 GENERALIZEDTIME::
+ The timestamp is formatted as an ASN.1 TIME::
YYYYMMDDhhmmssZ
- YYYYMMDDhhmmss+hhmm
- YYYYMMDDhhmmss-hhmm
.. versionadded:: 16.1.0