search

scolby33 / OCSPdash

A dashboard for the status of the top certificate authorities' OCSP responders.
MIT License
1 stars 0 forks source link

Datetime problems #6

Closed cthoyt closed 7 years ago

cthoyt commented 7 years ago

RE this code:

@property
def expired(self) -> bool:
    """Has this certificate expired?"""  
    certificate = asymmetric.load_certificate(self.subject)
    expires_on = certificate.asn1['tbs_certificate']['validity']['not_after'].native
    return expires_on < datetime.utcnow()

So the scenario is i ran update before and now i'm running it again, so it will use the cached stuff. It looks like the native time coming back isn't aware of timezones...

$ python3 -m ocspdash update
INFO:ocspdash.web.manager:using default connection: sqlite:////Users/cthoyt/.ocspdash/ocspdash.db
Traceback (most recent call last):
  File "/usr/local/Cellar/python3/3.6.2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/local/Cellar/python3/3.6.2/Frameworks/Python.framework/Versions/3.6/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/Users/cthoyt/dev/OCSPdash/src/ocspdash/__main__.py", line 10, in <module>
    main()
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/Users/cthoyt/dev/OCSPdash/src/ocspdash/cli.py", line 100, in update
    m.update(user, n=n)
  File "/Users/cthoyt/dev/OCSPdash/src/ocspdash/web/manager.py", line 161, in update
    chain = self.ensure_chain(responder)
  File "/Users/cthoyt/dev/OCSPdash/src/ocspdash/web/manager.py", line 113, in ensure_chain
    if most_recent and not most_recent.expired and not most_recent.old:
  File "/Users/cthoyt/dev/OCSPdash/src/ocspdash/web/models.py", line 85, in expired
    return expires_on < datetime.utcnow()
TypeError: can't compare offset-naive and offset-aware datetimes
scolby33 commented 7 years ago

Interesting. I'll have to investigate what timezone is returned then (I think it's UTC) and hardcode it. It should be standardized for certificates, so that's good.