Certificate validity checks should be using UTC time #14

Closed
opened 2020-05-28 03:50:26 +00:00 by michael-lazar · 1 comment
Contributor

Hey :)

I discovered that immediately after generating a new server cert and attempting to connect to it with AV-98, I was greeted with a certificate validity error.

    av98 gemini://localhost              8.8s  Wed May 27 23:38:24 2020
    Welcome to AV-98!
    Enjoy your patrol through Geminispace...
    ERROR: ('Certificate not valid until: 2020-05-28 03:38:10!',)

Digging into the code, it looks like there is a bug where

    def _validate_cert(self, address, host, cert):
        now = datetime.datetime.now()

returns a datetime in my local timezone, whereas cryptography's not_valid_before and not_valid_before return datetimes in UTC.

The most straightforward fix would probably be to just switch over to using UTC for everything

    now = datetime.datetime.utcnow()
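Added example (not part of the issue thread and not AV-98's code): the comparison from the report replayed with the two timestamps in its output, next to a timezone-aware check. It goes one step past the report by also showing the same mismatch on the expiry side of the window. The UTC-4 offset is inferred from those timestamps; `NOT_AFTER`, the expiry wording and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# From the report: window opens 03:38:10 UTC, client clock read 23:38:24 local.
NOT_BEFORE = datetime(2020, 5, 28, 3, 38, 10)    # naive, UTC by convention
NOT_AFTER = NOT_BEFORE + timedelta(days=365)     # constructed expiry
REPORTER_TZ = timezone(timedelta(hours=-4))      # assumption: inferred offset
WALL_CLOCK = datetime(2020, 5, 27, 23, 38, 24, tzinfo=REPORTER_TZ)


def as_utc(ts):
    """Treat a naive timestamp as UTC; convert an aware one to UTC."""
    if ts.tzinfo is None:
        return ts.replace(tzinfo=timezone.utc)
    return ts.astimezone(timezone.utc)


def validity_error(not_before, not_after, now=None):
    """Aware check: None if `now` is inside the window, else an error string."""
    now = as_utc(now) if now is not None else datetime.now(timezone.utc)
    if now < as_utc(not_before):
        return "Certificate not valid until: {}!".format(not_before)
    if now > as_utc(not_after):
        return "Certificate expired as of: {}!".format(not_after)  # wording constructed
    return None


def naive_local_check(not_before, not_after, local_now):
    """Reported behaviour: naive local wall-clock time compared to naive UTC."""
    if local_now < not_before:
        return "Certificate not valid until: {}!".format(not_before)
    if local_now > not_after:
        return "Certificate expired as of: {}!".format(not_after)
    return None


def local_naive(aware):
    """What datetime.datetime.now() yields on a machine in REPORTER_TZ."""
    return aware.astimezone(REPORTER_TZ).replace(tzinfo=None)


if __name__ == "__main__":
    fresh = WALL_CLOCK                                  # 14 s after NOT_BEFORE
    stale = as_utc(NOT_AFTER) + timedelta(hours=1)      # 1 h after expiry
    for label, now in (("fresh cert", fresh), ("expired cert", stale)):
        print(label, "| naive local:",
              naive_local_check(NOT_BEFORE, NOT_AFTER, local_naive(now)),
              "| UTC-aware:", validity_error(NOT_BEFORE, NOT_AFTER, now))
```

West of UTC the naive comparison rejects a fresh certificate and keeps accepting an expired one for the length of the offset; east of UTC the two errors swap sides.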
Owner

Thanks so much, I've fixed this now!

Reference: solderpunk/AV-98#14