From 91834ea78f36e1e89d4f19ecdddef83b0286b4d4 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 6 Jan 2013 01:16:58 +1300 Subject: [PATCH] Generate certificates with a commencement date an hour in the past. This helps smooth over small discrepancies in client and server times, where it's possible for a certificate to seem to be "in the future" to the client. --- netlib/certutils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netlib/certutils.py b/netlib/certutils.py index 51fd9da9f..87d9d5d8f 100644 --- a/netlib/certutils.py +++ b/netlib/certutils.py @@ -104,7 +104,7 @@ def dummy_cert(fp, ca, commonname, sans): req.add_extensions([OpenSSL.crypto.X509Extension("subjectAltName", True, ss)]) cert = OpenSSL.crypto.X509() - cert.gmtime_adj_notBefore() + cert.gmtime_adj_notBefore(-3600) cert.gmtime_adj_notAfter(60 * 60 * 24 * 30) cert.set_issuer(ca.get_subject()) cert.set_subject(req.get_subject())