From 45ebb73416a67cb87b7ca0bfcfe7902b4f38250a Mon Sep 17 00:00:00 2001
From: lovetox <philipp@hoerist.com>
Date: Fri, 13 May 2022 18:20:08 +0200
Subject: Handle no expire date in X509.has_expire() (#1083)

get_notAfter() can return None.

Instead of raising a NoneType error, raise a ValueError which tells
us why it failed.
---
 src/OpenSSL/crypto.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/OpenSSL/crypto.py')

diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 8dec9a6..7f95d20 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1367,7 +1367,10 @@ class X509:
         :return: ``True`` if the certificate has expired, ``False`` otherwise.
         :rtype: bool
         """
-        time_string = self.get_notAfter().decode("utf-8")
+        time_string = self.get_notAfter()
+        if time_string is None:
+            raise ValueError("Unable to determine notAfter")
+        time_string = time_string.decode("utf-8")
         not_after = datetime.datetime.strptime(time_string, "%Y%m%d%H%M%SZ")
 
         return not_after < datetime.datetime.utcnow()
-- 
cgit v1.2.1