Implement certificate lifetime parameter as required by WebRTC RFC.

webrtc/base/opensslidentity.h

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 84 matching lines @@
   X509* x509_;
 
   RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLCertificate);
 };
 
 // Holds a keypair and certificate together, and a method to generate
 // them consistently.
 class OpenSSLIdentity : public SSLIdentity {
  public:
   static OpenSSLIdentity* Generate(const std::string& common_name,
-                                   const KeyParams& key_params);
+                                   const KeyParams& key_params,
+                                   time_t certificate_lifetime);

[Ryan Sleevi, 2016/03/08 17:04:43]

I would strongly advise against using time_t in a public API, as opposed to a
more clearer expression (base::Time or seconds), due to platform
interoperability w/r/t time_t

[torbjorng (webrtc), 2016/03/30 14:00:29]

Note that Open/BoringSSL uses time_t, and this is an interface to it. We need to
convert someplace from some other type to time_t. (Besides, base::Time is not
available in WebRTC.)

Incidentally, we're working on a new C++ API for these things. It won't be using
time_t, for sure.

[Ryan Sleevi, 2016/03/31 02:07:53]

OpenSSL's API is actually designed around the ASN1_TIME interface. The time_t
bits are part of the legacy interface, and precisely because of issues with
time_t sizing - such as the Y2038 problem. The 'right' thing to use is the
ASN1_TIME interfaces (ASN1_TIME_DIFF, ASN1_GENERALIZEDTIME_set_string,
ASN1_UTCTIME_set_string, etc)

[torbjorng (webrtc), 2016/03/31 13:18:34]

Right, I wasn't aware of that one set of interfaces were considered obsolete. It
is also hard to guess which interfaces are intended as part of the external API.

I created https://bugs.chromium.org/p/webrtc/issues/detail?id=5720 about
cleaning up this.

   static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
   static SSLIdentity* FromPEMStrings(const std::string& private_key,
                                      const std::string& certificate);
   ~OpenSSLIdentity() override;
 
   const OpenSSLCertificate& certificate() const override;
   OpenSSLIdentity* GetReference() const override;
 
   // Configure an SSL context object to use our key and certificate.
   bool ConfigureIdentity(SSL_CTX* ctx);
 
  private:
   OpenSSLIdentity(OpenSSLKeyPair* key_pair, OpenSSLCertificate* certificate);
 
   static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);
 
   scoped_ptr<OpenSSLKeyPair> key_pair_;
   scoped_ptr<OpenSSLCertificate> certificate_;
 
   RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLIdentity);
 };
 
 
 }  // namespace rtc
 
 #endif  // WEBRTC_BASE_OPENSSLIDENTITY_H_