Generate certificates with a commencement date an hour in the past.

This helps smooth over small discrepancies in client and server times, where it's possible for a certificate to seem to be "in the future" to the client.
2024-11-23 08:11:00 +00:00 · 2013-01-06 01:16:58 +13:00 · 2013-01-06 01:16:58 +13:00 · 91834ea78f
commit 91834ea78f
parent 72032d7fe7
1 changed files with 1 additions and 1 deletions
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@ -104,7 +104,7 @@ def dummy_cert(fp, ca, commonname, sans):
        req.add_extensions([OpenSSL.crypto.X509Extension("subjectAltName", True, ss)])

    cert = OpenSSL.crypto.X509()
-    cert.gmtime_adj_notBefore()
+    cert.gmtime_adj_notBefore(-3600)
    cert.gmtime_adj_notAfter(60 * 60 * 24 * 30)
    cert.set_issuer(ca.get_subject())
    cert.set_subject(req.get_subject())