Get rid of ASN1_UTCTIME_get, which cannot work with time_t

		else if (strcmp(*argv,"-addtrust") == 0)

			{

			if (--argc < 1) goto bad;

			if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {

			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))

				{

				BIO_printf(bio_err,

					"Invalid trust object value %s\n", *argv);

				goto bad;

		else if (strcmp(*argv,"-addreject") == 0)

			{

			if (--argc < 1) goto bad;

			if(!(objtmp = OBJ_txt2obj(*(++argv), 0))) {

			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))

				{

				BIO_printf(bio_err,

					"Invalid reject object value %s\n", *argv);

				goto bad;

	ERR_load_crypto_strings();

	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {

	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))

		{

		BIO_printf(bio_err, "Error getting password\n");

		goto end;

		}

		goto end;

		}

	if (extfile) {

	if (extfile)

		{

		long errorline;

		X509V3_CTX ctx2;

		if (!(extconf=CONF_load(NULL,extfile,&errorline))) {

		if (!(extconf=CONF_load(NULL,extfile,&errorline)))

			{

			if (errorline <= 0)

				BIO_printf(bio_err,

					"error loading the config file '%s'\n",

					 "extensions"))) extsect = "default";

		X509V3_set_ctx_test(&ctx2);

		X509V3_set_conf_lhash(&ctx2, extconf);

		if(!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL)) {

		if (!X509V3_EXT_add_conf(extconf, &ctx2, extsect, NULL))

			{

			BIO_printf(bio_err,

				"Error Loading extension section %s\n",

								 extsect);

	if (clrtrust) X509_trust_clear(x);

	if (clrreject) X509_reject_clear(x);

	if(trust) {

		for(i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {

	if (trust)

		{

		for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)

			{

			objtmp = sk_ASN1_OBJECT_value(trust, i);

			X509_add1_trust_object(x, objtmp);

			}

		}

	if(reject) {

		for(i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {

	if (reject)

		{

		for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)

			{

			objtmp = sk_ASN1_OBJECT_value(reject, i);

			X509_add1_reject_object(x, objtmp);

			}

	if (checkend)

		{

		time_t t=ASN1_UTCTIME_get(X509_get_notAfter(x));

		time_t tnow=time(NULL);

		if(tnow+checkoffset > t)

		if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)

			{

			BIO_printf(out,"Certificate will expire\n");

			ret=1;

	if 	(outformat == FORMAT_ASN1)

		i=i2d_X509_bio(out,x);

	else if (outformat == FORMAT_PEM) {

	else if (outformat == FORMAT_PEM)

		{

		if (trustout) i=PEM_write_bio_X509_AUX(out,x);

		else i=PEM_write_bio_X509(out,x);

	} else if (outformat == FORMAT_NETSCAPE)

		}

	else if (outformat == FORMAT_NETSCAPE)

		{

		ASN1_HEADER ah;

		ASN1_OCTET_STRING os;

		BIO_printf(bio_err,"bad output format specified for outfile\n");

		goto end;

		}

	if (!i) {

	if (!i)

		{

		BIO_printf(bio_err,"unable to write certificate\n");

		ERR_print_errors(bio_err);

		goto end;

	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)

		goto end;

	if(clrext) {

	if (clrext)

		{

		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);

		}

	if(conf) {

	if (conf)

		{

		X509V3_CTX ctx2;

		X509_set_version(x,2); /* version 3 certificate */

                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);

	if (bs != NULL) ASN1_INTEGER_free(bs);

	if (io != NULL)	BIO_free(io);

	if (serial != NULL) BN_free(serial);

	return(ret);

	return ret;

	}

static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)

	 * final ok == 1 calls to this function */

	err=X509_STORE_CTX_get_error(ctx);

	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)

		return(1);

		return 1;

	/* BAD we should have gotten an error.  Normally if everything

	 * worked X509_STORE_CTX_get_error(ctx) will still be set to

	if (ok)

		{

		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");

		return(0);

		return 0;

		}

	else

		{

		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",

			err,X509_STORE_CTX_get_error_depth(ctx),

			X509_verify_cert_error_string(err));

		return(1);

		return 1;

		}

	}

		goto err;

	if (!X509_set_pubkey(x,pkey)) goto err;

	if(clrext) {

	if (clrext)

		{

		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);

		}

	if(conf) {

	if (conf)

		{

		X509V3_CTX ctx;

		X509_set_version(x,2); /* version 3 certificate */

                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);

                if (!X509V3_EXT_add_conf(conf, &ctx, section, x)) goto err;

		}

	if (!X509_sign(x,pkey,digest)) goto err;

	return(1);

	return 1;

err:

	ERR_print_errors(bio_err);

	return(0);

	return 0;

	}

static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)

	char *pname;

	id = X509_PURPOSE_get_id(pt);

	pname = X509_PURPOSE_get0_name(pt);

	for(i = 0; i < 2; i++) {

	for (i = 0; i < 2; i++)

		{

		idret = X509_check_purpose(cert, id, i);

		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 

		if (idret == 1) BIO_printf(bio, "Yes\n");

	return(s);

	}

int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)

	{

	struct tm *tm;

	int offset;

	int year;

#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')

	if (s->data[12] == 'Z')

		offset=0;

	else

		{

		offset = g2(s->data+13)*60+g2(s->data+15);

		if (s->data[12] == '-')

			offset = -offset;

		}

	t -= offset*60; /* FIXME: may overflow in extreme cases */

#if defined(THREADS) && !defined(WIN32)

	{ struct tm data; gmtime_r(&t, &data); tm = &data; }

#else

	tm = gmtime(&t);

#endif

#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1

	year = g2(s->data);

	if (year < 50)

		year += 100;

	return_cmp(year,              tm->tm_year);

	return_cmp(g2(s->data+2) - 1, tm->tm_mon);

	return_cmp(g2(s->data+4),     tm->tm_mday);

	return_cmp(g2(s->data+6),     tm->tm_hour);

	return_cmp(g2(s->data+8),     tm->tm_min);

	return_cmp(g2(s->data+10),    tm->tm_sec);

#undef g2

#undef return_cmp

	return 0;

	}

#if 0

time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)

	{

	struct tm tm;

	                               * Also time_t is inappropriate for general

	                               * UTC times because it may a 32 bit type. */

	}

#endif

int ASN1_UTCTIME_check(ASN1_UTCTIME *a);

ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);

int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 

int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);

#if 0

time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);

#endif

int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);

ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);