expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc

This commit is contained in:
Hossein Shafagh 2020-03-26 19:01:07 -07:00
parent 697215f8bc
commit 5206997468
1 changed files with 9 additions and 2 deletions

View File

@ -8,6 +8,8 @@
from datetime import timedelta from datetime import timedelta
import arrow import arrow
import pytz
import datetime
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import rsa
from flask import current_app from flask import current_app
@ -321,8 +323,13 @@ class Certificate(db.Model):
@hybrid_property @hybrid_property
def expired(self): def expired(self):
if self.not_after <= arrow.utcnow(): if isinstance(self.not_after, datetime.datetime):
return True # can't compare offset-naive and offset-aware datetimes
if self.not_after.replace(tzinfo=pytz.UTC) <= arrow.utcnow():
return True
else:
if self.not_after <= arrow.utcnow():
return True
@expired.expression @expired.expression
def expired(cls): def expired(cls):