mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 00:20:04 -06:00
ipa-cert-fix: use timezone-aware datetime
ipa-cert-fix compares the current datetime with the value obtained from a cert.not_valid_after. With the fix for #9425, not_valid_after is timezone aware and cannot be compared to a naive datetime. Make the datetime "now" timezone aware. Related: https://pagure.io/freeipa/issue/9425 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
59e68f79e4
commit
0f16b72bcb
@ -128,7 +128,9 @@ class IPACertFix(AdminTool):
|
||||
|
||||
ca_subject_dn = ca.lookup_ca_subject(api, subject_base)
|
||||
|
||||
now = datetime.datetime.now() + datetime.timedelta(weeks=2)
|
||||
now = (
|
||||
datetime.datetime.now(tz=datetime.UTC)
|
||||
+ datetime.timedelta(weeks=2))
|
||||
certs, extra_certs, non_renewed = expired_certs(now)
|
||||
|
||||
if not certs and not extra_certs:
|
||||
|
Loading…
Reference in New Issue
Block a user