ipa-cert-fix: use timezone-aware datetime

ipa-cert-fix compares the current datetime with the
value obtained from a cert.not_valid_after.
With the fix for #9425, not_valid_after is timezone
aware and cannot be compared to a naive datetime.

Make the datetime "now" timezone aware.
Related: https://pagure.io/freeipa/issue/9425

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Florence Blanc-Renaud 2023-08-10 14:45:56 +02:00
parent 59e68f79e4
commit 0f16b72bcb

View File

@ -128,7 +128,9 @@ class IPACertFix(AdminTool):
ca_subject_dn = ca.lookup_ca_subject(api, subject_base)
now = datetime.datetime.now() + datetime.timedelta(weeks=2)
now = (
datetime.datetime.now(tz=datetime.UTC)
+ datetime.timedelta(weeks=2))
certs, extra_certs, non_renewed = expired_certs(now)
if not certs and not extra_certs: