expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc
This commit is contained in:
parent
697215f8bc
commit
5206997468
|
@ -8,6 +8,8 @@
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
import arrow
|
import arrow
|
||||||
|
import pytz
|
||||||
|
import datetime
|
||||||
from cryptography import x509
|
from cryptography import x509
|
||||||
from cryptography.hazmat.primitives.asymmetric import rsa
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
|
@ -321,6 +323,11 @@ class Certificate(db.Model):
|
||||||
|
|
||||||
@hybrid_property
|
@hybrid_property
|
||||||
def expired(self):
|
def expired(self):
|
||||||
|
if isinstance(self.not_after, datetime.datetime):
|
||||||
|
# can't compare offset-naive and offset-aware datetimes
|
||||||
|
if self.not_after.replace(tzinfo=pytz.UTC) <= arrow.utcnow():
|
||||||
|
return True
|
||||||
|
else:
|
||||||
if self.not_after <= arrow.utcnow():
|
if self.not_after <= arrow.utcnow():
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue