From b310b278be4b15766b4b8900073f26814e3aff03 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasurde@redhat.com>
Date: Mon, 11 Jun 2018 19:23:53 +0530
Subject: [PATCH] Convert valid_date to bytes for conversion (#40872)
Fixes: #40523
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
---
lib/ansible/modules/crypto/openssl_certificate.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index a28014898b..29134b33ca 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -661,7 +661,7 @@ class AssertOnlyCertificate(Certificate):
def _validate_valid_at():
if self.valid_at:
- if not (self.valid_at >= self.cert.get_notBefore() and self.valid_at <= self.cert.get_notAfter()):
+ if not (self.cert.get_notBefore() <= self.valid_at <= self.cert.get_notAfter()):
self.message.append(
'Certificate is not valid for the specified date (%s) - notBefore: %s - notAfter: %s' % (self.valid_at,
self.cert.get_notBefore(),
@@ -680,8 +680,8 @@ class AssertOnlyCertificate(Certificate):
def _validate_valid_in():
if self.valid_in:
valid_in_date = datetime.datetime.utcnow() + datetime.timedelta(seconds=self.valid_in)
- valid_in_date = valid_in_date.strftime('%Y%m%d%H%M%SZ')
- if not (valid_in_date >= self.cert.get_notBefore() and valid_in_date <= self.cert.get_notAfter()):
+ valid_in_date = to_bytes(valid_in_date.strftime('%Y%m%d%H%M%SZ'), errors='surrogate_or_strict')
+ if not (self.cert.get_notBefore() <= valid_in_date <= self.cert.get_notAfter()):
self.message.append(
'Certificate is not valid in %s seconds from now (%s) - notBefore: %s - notAfter: %s' % (self.valid_in,
valid_in_date,