-
-
Notifications
You must be signed in to change notification settings - Fork 30.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl.cert_time_to_seconds() returns wrong results if local timezone is not UTC #64139
Comments
cert_time_to_seconds() uses Example from the docs 2 is seven hours off (it shows utc offset of the local timezone of the person who created it): >>> import ssl
>>> ssl.cert_time_to_seconds("May 9 00:00:00 2007 GMT")
1178694000.0 It should be >>> from datetime import datetime
>>> datetime.utcfromtimestamp(1178668800)
datetime.datetime(2007, 5, 9, 0, 0)
>>> import time
>>> time.gmtime(1178668800)
time.struct_time(tm_year=2007, tm_mon=5, tm_mday=9, tm_hour=0, tm_min=0, tm_sec=0, tm_wday=2, tm_yday=129, tm_isdst=0) And >>> calendar.timegm(time.strptime("May 9 00:00:00 2007 GMT", "%b %d %H:%M:%S %Y GMT"))
1178668800 |
Will work on this. Instructions before proceeding by Tim Golden(python mailing list): Having just glanced at that issue, I would point out that there's been a |
Indeed the example in the docs is wrong, and so is the current behaviour. The example shows "round-tripping" using ssl.cert_time_to_seconds() and then time.ctime(), except that it is bogus as it takes a GMT time and ctime() returns a local time ("""Convert a time expressed in seconds since the epoch to a string representing local time"""). Still, we should only fix it in 3.4, as code written for prior versions may rely on the current (bogus) behaviour. |
gudge, your contribution is welcome! If you need guidance about how to write a patch, you can read the developer's guide: http://docs.python.org/devguide/ Also you will have to sign a contributor's agreement: http://www.python.org/psf/contrib/ |
gudge, There is also an issue with the current strptime format 1 (
>>> timestr = "May 9 00:00:00 2007 GMT"
>>> import ssl
>>> ssl.cert_time_to_seconds(timestr)
1178661600.0
>>> import locale
>>> locale.setlocale(locale.LC_TIME, 'pl_PL.utf8')
'pl_PL.utf8'
>>> ssl.cert_time_to_seconds(timestr)
Traceback (most recent call last):
...[snip]...
ValueError: time data 'May 9 00:00:00 2007 GMT' does not match format '%b %d %H:%M:%S %Y GMT' |
----------------------------------------------------------------------------------------------------- >>> import ssl
>>> ssl.cert_time_to_seconds("May 9 00:00:00 2007 GMT")
1178649000.0
>>> from datetime import datetime
>>> datetime.utcfromtimestamp(1178668800)
datetime.datetime(2007, 5, 9, 0, 0)
>>> import time
>>> time.gmtime(1178668800)
time.struct_time(tm_year=2007, tm_mon=5, tm_mday=9, tm_hour=0, tm_min=0, tm_sec=0, tm_wday=2, tm_yday=129, tm_isdst=0)
>>> import calender
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ImportError: No module named 'calender'
>>> import callendar
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ImportError: No module named 'callendar'
>>> import calendar
>>> calendar.timegm(time.strptime("May 9 00:00:00 2007 GMT", "%b %d %H:%M:%S %Y GMT"))
1178668800 I am running a VM on windows host machine. >>> import ssl
>>> ssl.cert_time_to_seconds("May 9 00:00:00 2007 GMT")
1178694000.0 It should be But I get also get the same answer with the Python build from latest sources?
Are these results fine. These results are with no changes. What about the 3 tests which failed. Are these known failures? Now say I have to pull time again to get the latest code. Does it help
Thanks |
Sorry I think I did not read msg205774 (1st comment) correctly. "cert_time_to_seconds() uses So the function cert_time_to_seconds() has to be fixed? Thanks |
Yes! |
Patch is uploaded. I have created the patch with git. Let me know if it is okay with you. Patch: diff --combined Doc/library/ssl.rst
index a6ce5d6,30cb732..0000000
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@@ -366,7 -366,7 +366,7 @@@ Certificate handlin
>>> import ssl
>>> ssl.cert_time_to_seconds("May 9 00:00:00 2007 GMT")
- 1178694000.0
+ 1178668800
>>> import time
>>> time.ctime(ssl.cert_time_to_seconds("May 9 00:00:00 2007 GMT"))
'Wed May 9 00:00:00 2007'
diff --combined Lib/ssl.py
index f81ef91,052a118..0000000
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@@ -852,8 -852,7 +852,8 @@@ def cert_time_to_seconds(cert_time)
a Python time value in seconds past the epoch."""
import time
- return time.mktime(time.strptime(cert_time, "%b %d %H:%M:%S %Y GMT"))
+ import calendar
+ return calendar.timegm(time.strptime(cert_time, "%b %d %H:%M:%S %Y GMT"))
PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----" Test Results: Doc changes won't effect the code. The tests would not fail. >>> import ssl
>>> ssl.cert_time_to_seconds("May 9 00:00:00 2007 GMT")
1178668800 I do not have a printer curretly. I will sign the license agreement |
Answering to your questions:
Yes, it's ok.
The devguide has detailed documentation about how to modify and build As for the tests:
|
gudge, have you seen http://bugs.python.org/msg205860 (the locale issue)? If you can't fix it; say so, I'll open another issue after this issue is fixed. |
Akira, I will fix it. I will put in the patch in the same bug. |
How do I run a particluar test case, like the test I added
|
Can you please provide some hints on how to handle The value of format_regex
The value of months are different. Thanks |
The point of the locale issue is that "notBefore", "notAfter" strings do not change if your locale changes. You don't need a new regex for each locale. I've attached ssl_cert_time_seconds.py file that contains example cert_time_to_seconds(cert_time) implementation that fixes both the timezone and the locale issues. |
Akira, do you want to write a proper patch with tests? If you are interested, you can take a look at http://docs.python.org/devguide/ You'll also have to sign a contributor's agreement at http://www.python.org/psf/contrib/contrib-form/ |
Antoine, I've signed the agreement. I've added ssl_cert_time_toseconds.patch with code, tests, and documention updates. |
Akira, thanks. I have posted a review; if you haven't received the e-mail notification, you can still access it at http://bugs.python.org/review/19940/#ps11142 |
Antoine, I haven't received the e-mail notification. I've replied to the comments on Rietveld. Here's the updated patch with the corresponding changes. |
Here's a new patch with a simplified ssl.cert_time_to_seconds() The behaviour is changed:
I've added more tests. Please, review. |
Replace IndexError with ValueError in the patch because tuple.index raises ValueError. |
I've updated the patch:
Ready for review. |
Thanks for the updated patch, Akira! I'm gonna take a look right now. |
New changeset 7191c37238d5 by Antoine Pitrou in branch 'default': |
I've committed the patch. Thank you very much for contributing! |
Antoine, thank you for reviewing. I appreciate the patience. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: