Commit

Support InvalidityDate.invalidity_date_utc.
felixfontein committed Apr 23, 2024
1 parent 3899f79 commit 8d128c1
Showing 2 changed files with 7 additions and 1 deletion.
2 changes: 2 additions & 0 deletions changelogs/fragments/730-cryptography-invalidity_date.yml
@@ -0,0 +1,2 @@
bugfixes:
- When using cryptography >= 43.0.0, use offset-aware ``datetime.datetime`` objects (with timezone UTC) instead of offset-naive UTC timestamps for the ``InvalidityDate`` X.509 CRL extension (https://github.com/ansible-collections/community.crypto/issues/726, https://github.com/ansible-collections/community.crypto/pull/730).
6 changes: 5 additions & 1 deletion plugins/module_utils/crypto/cryptography_crl.py
Expand Up @@ -9,6 +9,7 @@


try:
import cryptography
from cryptography import x509
except ImportError:
# Error handled in the calling module.
Expand All @@ -32,6 +33,8 @@
# to True and adjust get_invalidity_date() accordingly.
# (https://github.com/pyca/cryptography/issues/10818)
CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE = False
if HAS_CRYPTOGRAPHY:
CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE = LooseVersion(cryptography.__version__) >= LooseVersion('43.0.0')

TIMESTAMP_FORMAT = "%Y%m%d%H%M%SZ"

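Review bot: The added line `CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE = LooseVersion(cryptography.__version__) >= LooseVersion('43.0.0')` gates on a version string rather than on the attribute that get_invalidity_date() goes on to read. A feature check such as `hasattr(x509.InvalidityDate, 'invalidity_date_utc')` would stay correct for pre-release or repackaged builds whose version string does not line up with the threshold. The context comment directly above ("to True and adjust get_invalidity_date() accordingly") still reads as a pending task and should be reworded now that this commit performs it.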
Expand Down Expand Up @@ -139,7 +142,8 @@ def get_revocation_date(obj):


def get_invalidity_date(obj):
# TODO: special handling if CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE is True
if CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE:
return obj.invalidity_date_utc
return obj.invalidity_date


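Review bot: get_invalidity_date() now returns an offset-aware datetime from `obj.invalidity_date_utc` on one branch and an offset-naive one from `obj.invalidity_date` on the other, and nothing at the function documents this. Add a docstring stating that the return type depends on CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE, and check every caller that compares or subtracts the result against a naive datetime, since mixing aware and naive values raises TypeError. A test that exercises both branches would keep the two paths from drifting apart.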
