From fb8d2d4b2f709f5443cf2079141aa8795966ed59 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 17 Oct 2019 11:25:12 -0700
Subject: [PATCH] Fix to restore notBefore/notAfter functions that were removed in PR #2462. These are not openssl compatibility functions, but are used by JSSE.
---
 cyassl/ssl.h | 2 ++
 src/ssl.c | 35 +++++++++++++++++++++++++++++++++++
 wolfssl/ssl.h | 2 ++
 3 files changed, 39 insertions(+)
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index e865ba410..f3eff5355 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -164,6 +164,8 @@
 /* get index cert in PEM */
 #define CyaSSL_X509_get_subjectCN wolfSSL_X509_get_subjectCN
 #define CyaSSL_X509_get_der wolfSSL_X509_get_der
+#define CyaSSL_X509_notBefore wolfSSL_X509_notBefore
+#define CyaSSL_X509_notAfter wolfSSL_X509_notAfter
 #define CyaSSL_X509_get_notBefore wolfSSL_X509_get_notBefore
 #define CyaSSL_X509_get_notAfter wolfSSL_X509_get_notAfter
 #define CyaSSL_X509_version wolfSSL_X509_version
diff --git a/src/ssl.c b/src/ssl.c
index e5b5f828f..f930d16f0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17889,6 +17889,41 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
 return x509->derCert->buffer;
 }
+ /* used by JSSE (not a standard compatibility function) */
+ /* this is not thread safe */
+ const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
+ {
+ static byte notBeforeData[CTC_DATE_SIZE]; /* temp buffer for date */
+ WOLFSSL_ENTER("wolfSSL_X509_notBefore");
+
+ if (x509 == NULL)
+ return NULL;
+
+ XMEMSET(notBeforeData, 0, sizeof(notBeforeData));
+ notBeforeData[0] = (byte)x509->notBefore.type;
+ notBeforeData[1] = (byte)x509->notBefore.length;
+ XMEMCPY(¬BeforeData[2], x509->notBefore.data, x509->notBefore.length);
+
+ return notBeforeData;
+ }
+ /* used by JSSE (not a standard compatibility function) */
+ /* this is not thread safe */
+ const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
+ {
+ static byte notAfterData[CTC_DATE_SIZE]; /* temp buffer for date */
+ WOLFSSL_ENTER("wolfSSL_X509_notAfter");
+
+ if (x509 == NULL)
+ return NULL;
+
+ XMEMSET(notAfterData, 0, sizeof(notAfterData));
+ notAfterData[0] = (byte)x509->notAfter.type;
+ notAfterData[1] = (byte)x509->notAfter.length;
+ XMEMCPY(¬AfterData[2], x509->notAfter.data, x509->notAfter.length);
+
+ return notAfterData;
+ }
+
 /* get the buffer to be signed (tbs) from the WOLFSSL_X509 certificate
 *
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 16a66fb2a..60b2d0e2d 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
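Review bot: Both XMEMCPY calls copy `x509->notBefore.length` / `x509->notAfter.length` bytes into a `CTC_DATE_SIZE` static buffer starting at offset 2, with no check that the length fits in the remaining `CTC_DATE_SIZE - 2` bytes. Whatever bounds `length` happens where the certificate is parsed, outside this hunk, so these copies should not depend on it, since a length even two bytes over the limit writes past the buffer. I would guard each copy before the XMEMSET, e.g. `if (x509->notBefore.length < 0 || x509->notBefore.length > (int)sizeof(notBeforeData) - 2) return NULL;` (assuming `length` is a signed int; same for `notAfter`), which also keeps the `(byte)` cast of the length from truncating. Separately, the result lives in a function-static buffer, so the next call from any thread overwrites what an earlier caller is still reading, and a multi-threaded JSSE caller could presumably see another certificate's validity dates. The code comment admits this, but the header prototypes should carry the warning too, e.g. `/* returns shared static buffer [type][length][data]; not thread safe, copy before the next call */`.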
@@ -1999,6 +1999,8 @@ WOLFSSL_API int wolfSSL_X509_get_serial_number(WOLFSSL_X509*,unsigned char*,int
 WOLFSSL_API char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*);
 WOLFSSL_API const unsigned char* wolfSSL_X509_get_der(WOLFSSL_X509*, int*);
 WOLFSSL_API const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509*, int*);
+WOLFSSL_API const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509);
+WOLFSSL_API const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*);
 WOLFSSL_API int wolfSSL_cmp_peer_cert_to_file(WOLFSSL*, const char*);