OpenSSL 1.0.2 Compatibility
- Perform the time comparison in python to fix #192
- Add root cert has_expired test
- Self sign test cert to fix issue in #149
- Change test case to verify digest of a valid certficate
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index c7bdabc..1b1058e 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -1,5 +1,6 @@
-from time import time
+from time import time, strptime
from base64 import b16encode
+from calendar import timegm
from functools import partial
from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__
from warnings import warn as _warn
@@ -1161,10 +1162,10 @@
:return: True if the certificate has expired, false otherwise
"""
now = int(time())
- notAfter = _lib.X509_get_notAfter(self._x509)
- return _lib.ASN1_UTCTIME_cmp_time_t(
- _ffi.cast('ASN1_UTCTIME*', notAfter), now) < 0
+ notAfter = self.get_notAfter().decode('utf-8')
+ notAfterSecs = timegm(strptime(notAfter, '%Y%m%d%H%M%SZ'))
+ return now > notAfterSecs
def _get_boundary_time(self, which):
return _get_asn1_time(which(self._x509))