I was curious about how SSL certificates store validity information (for example when a certificate expires), so I ended up reading the X509 specification (excitingly called “Internet X.509 Public Key Infrastructure Certificate and CRL Profile”), as well as the ASN.1 information for UTCTimes. This is all new to me, but I am sure lots of other people understand this.
In the end it wasn’t too hard, and now I have hacked support for displaying certificate validity into Python’s TLSlite. The point of this post is mainly so I can find that documentation again if I need it, although I’ll put the TLSlite patch online as soon as I have had a chance to test it a little better.