1
0
mirror of https://github.com/moepman/acertmgr.git synced 2025-01-01 05:31:51 +01:00

replace outdated interface

cryptography-42.0.0 introduces new interfaces to query certificate
lifetime. The only difference is that the UTC timezone is set in the
datetime object, instead of the timezone being undefined.
However, the old interface now prints deprecation warnings.
This commit is contained in:
David Klaftenegger 2024-05-21 21:21:00 +02:00
parent 9ca6dae048
commit c15c9836ba
2 changed files with 4 additions and 4 deletions

View File

@ -12,7 +12,7 @@ Requirements
------------ ------------
* Python (2.7+ and 3.5+ should work) * Python (2.7+ and 3.5+ should work)
* cryptography>=0.6 * cryptography>=42.0.0
Optional requirements (to use specified features) Optional requirements (to use specified features)
------------------------------------------------------ ------------------------------------------------------

View File

@ -92,12 +92,12 @@ def get_url(url, data=None, headers=None):
# @param ttl_days the minimum amount of days for which the certificate must be valid # @param ttl_days the minimum amount of days for which the certificate must be valid
# @return True if certificate is still valid for at least ttl_days, False otherwise # @return True if certificate is still valid for at least ttl_days, False otherwise
def is_cert_valid(cert, ttl_days): def is_cert_valid(cert, ttl_days):
now = datetime.datetime.now() now = datetime.datetime.now(datetime.timezone.utc)
if cert.not_valid_before > now: if cert.not_valid_before_utc > now:
raise InvalidCertificateError("Certificate seems to be from the future") raise InvalidCertificateError("Certificate seems to be from the future")
expiry_limit = now + datetime.timedelta(days=ttl_days) expiry_limit = now + datetime.timedelta(days=ttl_days)
if cert.not_valid_after < expiry_limit: if cert.not_valid_after_utc < expiry_limit:
return False return False
return True return True