From 7d7803a4d9a21d95a005294f4eaca326bc076138 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sat, 11 Jun 2011 15:16:16 +1200 Subject: [PATCH] Add a hideous kludge to fix not-yet-valid certificates. - The OpenSSL x509 has no way to explicitly set the notBefore value on certificates. - If two systems have the same configured time, it's possible to return a certificate before the validity start time has arrived. - We "solve" this by waiting for one second when a certificate is first generated before returning the cert. The alternative is to rewrite pretty much all of our certificate generation, a thought too horrible to contemplate. --- libmproxy/utils.py | 2 ++ test/test_utils.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/libmproxy/utils.py b/libmproxy/utils.py index 699cb8638..209ec27ad 100644 --- a/libmproxy/utils.py +++ b/libmproxy/utils.py @@ -14,6 +14,7 @@ # along with this program. If not, see . import re, os, subprocess, datetime, textwrap, errno, sys, time, functools +CERT_SLEEP_TIME = 1 def timestamp(): """ @@ -485,6 +486,7 @@ def dummy_cert(certdir, ca, commonname): stdin=subprocess.PIPE ) if ret: return None + time.sleep(CERT_SLEEP_TIME) return certpath diff --git a/test/test_utils.py b/test/test_utils.py index 94523676a..874b2c6f4 100644 --- a/test/test_utils.py +++ b/test/test_utils.py @@ -2,6 +2,8 @@ import textwrap, cStringIO, os, time, re import libpry from libmproxy import utils +utils.CERT_SLEEP_TIME = 0 + class uformat_timestamp(libpry.AutoTree): def test_simple(self):
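Review bot: `CERT_SLEEP_TIME = 1` in libmproxy/utils.py is added directly under the import line with no comment, so neither its unit nor its purpose is visible where it is defined. The test hunk overwrites it, so it is effectively a tunable and deserves a description. I would put a blank line after the imports and add `# Seconds dummy_cert waits after generating a certificate, so that its notBefore has passed before the cert is served.` above it.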
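Review bot: The wait added before `return certpath` in dummy_cert only helps when the client's clock matches the proxy's, as the commit message itself says. A client whose clock runs more than CERT_SLEEP_TIME behind will still see a not-yet-valid certificate, and no comment at the call site records that limit. The sleep also runs in whatever thread calls dummy_cert, so if that is the connection handler, each first-seen hostname stalls for a second; this should be confirmed against the caller, because the function body starts outside this hunk. I would add `# Kludge: notBefore is stamped at generation time, so wait until the cert is valid; clients with a slower clock are not covered.` above the call. Backdating notBefore at generation (for example through `openssl ca -startdate`) is the longer-term fix worth tracking.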
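Review bot: `utils.CERT_SLEEP_TIME = 0` in test/test_utils.py is assigned at import time and never restored, so it changes the module global for every test that runs afterwards in the same process. As far as this hunk shows, nothing then exercises the wait or checks that a freshly generated certificate is already valid. A comment such as `# Disable the post-generation wait in dummy_cert to keep the suite fast.` would explain the override. A test that reads the generated certificate's notBefore and compares it with the current time would cover the behaviour this commit is meant to fix.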