diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 60cf18d978f..11b716f015b 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -31,6 +31,7 @@ import stat import subprocess import tempfile +import datetime import grp import pwd @@ -2099,8 +2100,22 @@ def get_cert_info(self, nickname, token=None): cert['issuer'] = pki.convert_x509_name_to_dn(cert_obj.issuer) cert['subject'] = pki.convert_x509_name_to_dn(cert_obj.subject) - cert['not_before'] = self.convert_time_to_millis(cert_obj.not_valid_before_utc) - cert['not_after'] = self.convert_time_to_millis(cert_obj.not_valid_after_utc) + if hasattr(cert_obj, 'not_valid_before_utc'): + # available since Python Cryptography 42 + not_before = cert_obj.not_valid_before_utc + else: + # use the deprecated attribute then convert into UTC + not_valid_before = cert_obj.not_valid_before.replace(tzinfo=datetime.timezone.utc) + cert['not_before'] = self.convert_time_to_millis(not_before) + + if hasattr(cert_obj, 'not_valid_after_utc'): + # available since Python Cryptography 42 + not_after = cert_obj.not_valid_after_utc + else: + # use the deprecated attribute then convert into UTC + not_after = cert_obj.not_valid_after.replace(tzinfo=datetime.timezone.utc) + cert['not_after'] = self.convert_time_to_millis(not_after) + cert['trust_flags'] = self.get_trust(nickname=nickname, token=token) logger.debug('NSSDatabase.get_cert_info(%s) ends', nickname) diff --git a/docs/changes/v11.6.0/API-Changes.adoc b/docs/changes/v11.6.0/API-Changes.adoc new file mode 100644 index 00000000000..9f78cbeef60 --- /dev/null +++ b/docs/changes/v11.6.0/API-Changes.adoc @@ -0,0 +1,5 @@ += API Changes = + +== NSSDatabase.get_cert_info() changes == + +The `NSSDatabase.get_cert_info()` has been modified to return `not_before` and `not_after` attributes in UTC timezone.