From 1ef6139f9bfc9becee9cb8d32f91c93fb6f1d360 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Mon, 26 Oct 2020 18:34:21 -0700 Subject: [PATCH] ignore rotated certs, since there is a new cert that can be used --- lemur/certificates/service.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py index 275935b2..ef82c605 100644 --- a/lemur/certificates/service.py +++ b/lemur/certificates/service.py @@ -567,6 +567,7 @@ def query_common_name(common_name, args): result = ( Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD")) .filter(not_(Certificate.revoked)) + .filter(not_(Certificate.replaced.any())) # ignore rotated certificates to avoid duplicates .all() ) elif common_name == "%": @@ -575,6 +576,7 @@ def query_common_name(common_name, args): Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD")) .filter(Certificate.owner == owner) .filter(not_(Certificate.revoked)) + .filter(not_(Certificate.replaced.any())) # ignore rotated certificates to avoid duplicates .all() ) else: @@ -584,6 +586,7 @@ def query_common_name(common_name, args): .filter(Certificate.cn.like(common_name)) .filter(Certificate.owner == owner) .filter(not_(Certificate.revoked)) + .filter(not_(Certificate.replaced.any())) # ignore rotated certificates to avoid duplicates .all() )