+ (1418472000, None, False),
+ # 2014-12-16 03:20, a little less than 3.5 days to expiry.
+ (1418700000, None, True),
+ # Times that should not renew
(1418472000, "4 days", False), (1418472000, "2 days", False),
# 2009-05-01 12:00:00+00:00 (about 5 years prior to expiry)
# Times that should result in autorenewal/autodeployment
(1241179200, "7 years", True),
(1241179200, "11 years 2 months", True),
- # Times that should not
+ # Times that should not renew
(1241179200, "8 hours", False), (1241179200, "2 days", False),
(1241179200, "40 days", False), (1241179200, "9 months", False),
# 2015-01-01 (after expiry has already happened, so all
@@ -480,6 +518,28 @@
(1420070400, "10 minutes", True),
(1420070400, "10 weeks", True), (1420070400, "10 months", True),
(1420070400, "10 years", True), (1420070400, "99 months", True),
+ (1420070400, None, True)
+ ]:
+ sometime = datetime.datetime.fromtimestamp(current_time, pytz.UTC)
+ mock_datetime.datetime.now.return_value = sometime
+ self.test_rc.configuration["renew_before_expiry"] = interval
+ assert self.test_rc.should_autorenew() == result
+
+ # Lifetime: 31 years
+ # Default renewal: about 10 years from expiry
+ # Not Before: May 29 07:42:01 2017 GMT
+ # Not After : Mar 30 07:42:01 2048 GMT
+ not_before=datetime.datetime(2017, 5, 29, 7, 42, 1)
+ long_cert = make_cert_with_lifetime(not_before, 31 * 365)
+ self.test_rc.update_all_links_to(12)
+ with open(self.test_rc.cert, "wb") as f:
+ f.write(long_cert)
+ self.test_rc.update_all_links_to(11)
+ with open(self.test_rc.cert, "wb") as f:
+ f.write(long_cert)
+ for (current_time, result) in [
+ (2114380800, False), # 2037-01-01
+ (2148000000, True), # 2038-01-25
]:
sometime = datetime.datetime.fromtimestamp(current_time, pytz.UTC)
mock_datetime.datetime.now.return_value = sometime
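Review bot: The second sample in the new `for (current_time, result)` loop, `2148000000`, is larger than 2**31 - 1, so `datetime.datetime.fromtimestamp(current_time, pytz.UTC)` in the loop body raises `OverflowError` on any build whose C `time_t` is 32 bits. On such a build the 31-year-certificate case errors out before the renewal decision is checked. Building the instant arithmetically avoids the platform conversion: `sometime = datetime.datetime(1970, 1, 1, tzinfo=pytz.UTC) + datetime.timedelta(seconds=current_time)`. The loop body continues past the end of this hunk; if it still assigns `renew_before_expiry` from `interval`, that name is bound only by the previous loop (last value `None`). An explicit `self.test_rc.configuration["renew_before_expiry"] = None` before this loop would make the reliance on the default renewal window visible.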
@@ -838,21 +898,6 @@
assert stat.S_IMODE(os.lstat(temp).st_mode) == \
stat.S_IMODE(os.lstat(temp2).st_mode)
- def test_update_symlinks(self):
- from certbot._internal import storage
- archive_dir_path = os.path.join(self.config.config_dir, "archive", "example.org")
- for kind in ALL_FOUR:
- live_path = self.config_file[kind]
- basename = kind + "1.pem"
- archive_path = os.path.join(archive_dir_path, basename)
- open(archive_path, 'a').close()
- os.symlink(os.path.join(self.config.config_dir, basename), live_path)
- with pytest.raises(errors.CertStorageError):
- storage.RenewableCert(self.config_file.filename,
- self.config)
- storage.RenewableCert(self.config_file.filename, self.config,
- update_symlinks=True)
-
def test_truncate(self):
# It should not do anything when there's less than 5 cert history
for kind in ALL_FOUR:
diff -Nru python-certbot-2.11.0/certbot/ocsp.py python-certbot-4.0.0/certbot/ocsp.py
--- python-certbot-2.11.0/certbot/ocsp.py 2024-06-05 17:34:02.000000000 -0400
+++ python-certbot-4.0.0/certbot/ocsp.py 2025-04-07 18:03:33.000000000 -0400
@@ -234,12 +234,12 @@
# See OpenSSL implementation as a reference:
#
https://github.com/openssl/openssl/blob/ef45aa14c5af024fcb8bef1c9007f3d1c115bd85/crypto/ocsp/ocsp_cl.c#L338-L391
# thisUpdate/nextUpdate are expressed in UTC/GMT time zone
- now = datetime.now(pytz.UTC).replace(tzinfo=None)
- if not response_ocsp.this_update:
+ now = datetime.now(pytz.UTC)
+ if not response_ocsp.this_update_utc:
raise AssertionError('param thisUpdate is not set.')
- if response_ocsp.this_update > now + timedelta(minutes=5):
+ if response_ocsp.this_update_utc > now + timedelta(minutes=5):
raise AssertionError('param thisUpdate is in the future.')
- if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
+ if response_ocsp.next_update_utc and response_ocsp.next_update_utc