diff options
author | Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> | 2021-12-13 13:13:52 -0800 |
---|---|---|
committer | Julien Cristau <jcristau@debian.org> | 2021-12-14 09:25:12 +0100 |
commit | 4784cf2dac3b6a10f4747423ee8c7f912804feb2 (patch) | |
tree | c6c810281b4d3911328375fb114dbc32667435af | |
parent | 07de54fdcc5806bde549e1edf60738c6bccf50e8 (diff) | |
download | ca-certificates-4784cf2dac3b6a10f4747423ee8c7f912804feb2.tar.gz |
mozilla/certdata2pem.py: use UTC time when checking cert validity
x509.not_valid_after returns naive UTC datetime and so does
datetime.utcnow(), so keep the time consistent when performing the
comparison.
Fixes: 8033d5225917 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
-rw-r--r-- | mozilla/certdata2pem.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py index ede23d4..3bd24f3 100644 --- a/mozilla/certdata2pem.py +++ b/mozilla/certdata2pem.py @@ -123,7 +123,7 @@ for obj in objects: continue cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) - if cert.not_valid_after < datetime.datetime.now(): + if cert.not_valid_after < datetime.datetime.utcnow(): print('!'*74) print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) print('!'*74) |