From 6a1b4b48577166a536bb9223e749fcda05e0a5af Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Mon, 26 Oct 2020 18:33:33 -0700
Subject: [PATCH] ignore expired certs

---
 lemur/certificates/service.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 1b026f4d..275935b2 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -566,6 +566,7 @@ def query_common_name(common_name, args):
     if common_name == "%" and not owner:
         result = (
             Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
+            .filter(not_(Certificate.revoked))
             .all()
         )
     elif common_name == "%":
@@ -573,6 +574,7 @@ def query_common_name(common_name, args):
         result = (
             Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
             .filter(Certificate.owner == owner)
+            .filter(not_(Certificate.revoked))
             .all()
         )
     else:
@@ -581,6 +583,7 @@ def query_common_name(common_name, args):
             Certificate.query.filter(Certificate.not_after >= current_time.format("YYYY-MM-DD"))
             .filter(Certificate.cn.like(common_name))
             .filter(Certificate.owner == owner)
+            .filter(not_(Certificate.revoked))
             .all()
         )