mozilla/certdata2pem.py: use UTC time when checking cert validity

x509.not_valid_after returns naive UTC datetime and so does datetime.utcnow(), so keep the time consistent when performing the comparison. Fixes: 8033d5225917 ("mozilla/certdata2pem.py: print a warning for expired certificates.") Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> Signed-off-by: Julien Cristau <jcristau@debian.org>
author: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> 2021-12-13 13:13:52 -0800
committer: Julien Cristau <jcristau@debian.org> 2021-12-14 09:25:12 +0100
commit: 4784cf2dac3b6a10f4747423ee8c7f912804feb2 (patch)
tree: c6c810281b4d3911328375fb114dbc32667435af
parent: 07de54fdcc5806bde549e1edf60738c6bccf50e8 (diff)
download: ca-certificates-4784cf2dac3b6a10f4747423ee8c7f912804feb2.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index ede23d4..3bd24f3 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -123,7 +123,7 @@ for obj in objects:
             continue
 
         cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-        if cert.not_valid_after < datetime.datetime.now():
+        if cert.not_valid_after < datetime.datetime.utcnow():
             print('!'*74)
             print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
             print('!'*74)
author	Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>	2021-12-13 13:13:52 -0800
committer	Julien Cristau <jcristau@debian.org>	2021-12-14 09:25:12 +0100
commit	4784cf2dac3b6a10f4747423ee8c7f912804feb2 (patch)
tree	c6c810281b4d3911328375fb114dbc32667435af
parent	07de54fdcc5806bde549e1edf60738c6bccf50e8 (diff)
download	ca-certificates-4784cf2dac3b6a10f4747423ee8c7f912804feb2.tar.gz