Comments (6)
noelmartinon
commented on July 22, 2024
1
Hello, need to be completed :
With django-ca 1.23.0, issue if 'USE_TZ = True' when signing cert. For example:
python manage.py sign_cert --ca=Intermediate --csr=example.csr --out=example.pem --client --alt=hello.example.org'''
File "/srv/venv/lib/python3.10/site-packages/django_ca/management/base.py", line 269, in test_options
if ca.expires < expires:
TypeError: can't compare offset-naive and offset-aware datetimes
Resolved with:
--- a/ca/django_ca/management/base.py 2023-04-02 10:07:46.267345675 -0400
+++ b/ca/django_ca/management/base.py 2023-04-02 10:06:31.622540000 -0400
@@ -31,7 +31,7 @@
from django_ca.management import actions, mixins
from django_ca.models import CertificateAuthority
from django_ca.profiles import Profile
-from django_ca.utils import NAME_OID_MAPPINGS
+from django_ca.utils import NAME_OID_MAPPINGS, make_naive
class BinaryOutputWrapper(OutputWrapper):
@@ -265,6 +265,7 @@
"""Additional tests for validity of some options."""
expires = profile.get_expires(expires)
+ ca.expires = make_naive(ca.expires)
if ca.expires < expires:
max_days = (ca.expires - timezone.now()).daysfrom django-ca.
mathiasertl
commented on July 22, 2024
Thanks for your Bugreport! I can reproduce the issue and I'm working on a fix.
In the mean time, this patch also fixes the issue:
--- a/ca/django_ca/utils.py
+++ b/ca/django_ca/utils.py
@@ -50,6 +50,7 @@ from cryptography.x509.oid import NameOID
from django.core.files.storage import get_storage_class
from django.core.validators import URLValidator
+from django.utils import timezone as tz
from django.utils.translation import gettext_lazy as _
from . import ca_settings
@@ -1162,6 +1177,8 @@ def get_cert_builder(expires: datetime, serial: Optional[int] = None) -> x509.Ce
if serial is None:
serial = x509.random_serial_number()
+ if tz.is_aware(expires):
+ expires = tz.make_naive(expires)
if expires <= now:
raise ValueError("expires must be in the future")
from django-ca.
jacekjaros
commented on July 22, 2024
hi @mathiasertl
after applying patch my setup are working fine, thanks for quick response.
from django-ca.
mathiasertl
commented on July 22, 2024
hi @jacekjaros,
Fixed in c8ed135 (and forgot to mention that in the commit message). This will be in 1.20, for which I'm actually just finishing documentation updates.
kr, Mat
from django-ca.
mathiasertl
commented on July 22, 2024
@noelmartinon Thanks for the report, and I've re-opened the issue!
Please note that in general maintainers won't notice comments on closed issues, I spotted this by chance. It's usually better to open a new issue.
from django-ca.
mathiasertl
commented on July 22, 2024
@noelmartinon I believe the issue is fixed in the current main branch. You you cloned the source from git, you're welcome to try it out,otherwise the next release (mid May) will include the fix!
If you have further feedback, please feel free to comment!
from django-ca.
Related Issues (20)
- REST api HOT 8
- ACME error HOT 5
- Configure OCSP response validity when using docker compose HOT 4
- Acme Disable new accounts HOT 4
- Parsing issues running init_ca HOT 2
- OCSP request for unknown cert received HOT 7
- Ability to sign certificate via configurable hook / external HSM HOT 14
- Smartcard Extension 1.3.6.1.4.1.311.25.2 support HOT 1
- The client sent an unacceptable anti-replay nonce :: Bad or invalid nonce HOT 7
- failed to parse fullchain into cert and chain: less than 2 certificates in chain HOT 4
- ecc_curve in 'init_ca' command HOT 5
- acme clients not working, bad nonce HOT 7
- multiple SAN attributes not working HOT 3
- CA_PROFILES expiration time is ignored HOT 2
- CRL Issuing Distribution Point (IDP) should be configurable in CertificateRevocationListView HOT 7
- TypeError: cannot pickle 'builtins.ObjectIdentifier' object HOT 3
- Config is not read HOT 2
- Generate CT Certificate Transparency logs HOT 2
- CA_DEFAULT_SUBJECT HOT 2
- Profiles - default, custom and command line HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-ca.