The certificate for testnet.qtornado.com would be deleted on every run because it expires in 2118. Because it is saved as a GeneralizedDate and we strip away the century, and use `%y` ([docs](https://docs.python.org/3/library/time.html#time-y2kissues)) to infer the century again, we would report the certificate expired, even though it isn’t.
% openssl x509 -enddate -noout -in /home/janus/.electrum/testnet/certs/testnet.qtornado.com
notAfter=Jan 13 01:02:25 2118 GMT
My proposed fix is to use the available data, by only using `%y` with inference when the century is unavailable, avoiding throwing away the century unnecessarily.
These changes also changes the type of notAfter and notBefore, because I think its better if we parse them in the ASN1 parser where we know the correct format string.
I am also fixing a suspected timezone issue, because `mktime` takes a local time, and we are passing a UTC time. Instead of using local time stamps, I opted to use `timegm` to get the current UTC time. The comparison is now made on 9-tuples in UTC instead of floats.
You can view, comment on, or merge this pull request online at:
— Commit Summary —
* x509: handle dates in the 22nd century
— File Changes —
A electrum/tests/test_x509.py (6)
M electrum/x509.py (29)
— Patch Links —