expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc

This commit is contained in:
Hossein Shafagh 2020-03-26 19:01:07 -07:00
parent 697215f8bc
commit 5206997468
1 changed files with 9 additions and 2 deletions

View File

@ -8,6 +8,8 @@
from datetime import timedelta
import arrow
import pytz
import datetime
from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import rsa
from flask import current_app
@ -321,8 +323,13 @@ class Certificate(db.Model):
@hybrid_property
def expired(self):
if self.not_after <= arrow.utcnow():
return True
if isinstance(self.not_after, datetime.datetime):
# can't compare offset-naive and offset-aware datetimes
if self.not_after.replace(tzinfo=pytz.UTC) <= arrow.utcnow():
return True
else:
if self.not_after <= arrow.utcnow():
return True
@expired.expression
def expired(cls):