author | lovetox <philipp@hoerist.com> | 2022-05-13 18:20:08 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-13 12:20:08 -0400 |
commit | 45ebb73416a67cb87b7ca0bfcfe7902b4f38250a (patch) | |
tree | 0a5e253c0feb791ffc3b2ff7eaeeaa0ef214d460 | |
parent | b31622b369618746e54242ebfcc305154bf0ef59 (diff) | |
download | pyopenssl-git-45ebb73416a67cb87b7ca0bfcfe7902b4f38250a.tar.gz |
Handle no expire date in X509.has_expire() (#1083)
get_notAfter() can return None.
Instead of raising a NoneType error, raise a ValueError which tells
us why it failed.
-rw-r--r-- | src/OpenSSL/crypto.py | 5 | ||||
-rw-r--r-- | tests/test_crypto.py | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 8dec9a6..7f95d20 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1367,7 +1367,10 @@ class X509:
 :return: ``True`` if the certificate has expired, ``False`` otherwise.
 :rtype: bool
 """
- time_string = self.get_notAfter().decode("utf-8")
+ time_string = self.get_notAfter()
+ if time_string is None:
+ raise ValueError("Unable to determine notAfter")
+ time_string = time_string.decode("utf-8")
 not_after = datetime.datetime.strptime(time_string, "%Y%m%d%H%M%SZ")
 return not_after < datetime.datetime.utcnow()
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index ea89f6c..8c19030 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -1968,6 +1968,14 @@ class TestX509(_PKeyInteractionTestsMixin):
 cert.gmtime_adj_notAfter(2)
 assert not cert.has_expired()
+ def test_has_expired_exception(self):
+ """
+ `X509.has_expired` throws ValueError if not-after time is not set
+ """
+ cert = X509()
+ with pytest.raises(ValueError):
+ cert.has_expired()
+
 def test_root_has_not_expired(self):
 """
 `X509.has_expired` returns `False` if the certificate's not-after time |
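Review bot: The docstring shown as context in the src/OpenSSL/crypto.py hunk still lists only `:return:` and `:rtype:`, so the new `ValueError` path is undocumented; add `:raises ValueError: if the certificate has no notAfter time set`. This matters to callers that use the result as a validity gate: a certificate without a notAfter value should be rejected, and a caller that catches the exception broadly and continues would end up treating it as unexpired. The message `"Unable to determine notAfter"` could also state the cause, e.g. `"certificate has no notAfter time set"`. The method's signature and the start of its docstring are outside the hunk.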
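Review bot: In the tests/test_crypto.py hunk, `pytest.raises(ValueError)` does not pin the new branch, because the `strptime` call in `has_expired` also raises `ValueError` when the time string does not match its format. Matching on the message ties the test to the None guard: `with pytest.raises(ValueError, match="notAfter"):`. The test also relies on a freshly constructed `X509()` returning `None` from `get_notAfter()`, which the page implies but does not show.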