Merge remote-tracking branch 'meskio/feature/6210_key_newer' into develop

author: drebs <drebs@leap.se> 2014-11-10 16:18:17 -0200
committer: drebs <drebs@leap.se> 2014-11-10 16:18:17 -0200
commit: 27776fbab6fe963082a882dfb5232c54b0195d5f (patch)
tree: 51780a96c6df649ce0245ce4c63a5fe9a530649b /src/leap/keymanager/validation.py
parent: a5cf287dabc77b7172c2f058696cee1024ea3297 (diff)
parent: c223cca848e854d0015314ef517a6a4f928a2d0a (diff)
1 files changed, 4 insertions, 6 deletions
diff --git a/src/leap/keymanager/validation.py b/src/leap/keymanager/validation.py
index 6dceb78..cf5b4a8 100644
--- a/src/leap/keymanager/validation.py
+++ b/src/leap/keymanager/validation.py
@@ -73,7 +73,6 @@ def can_upgrade(new_key, old_key):
 
     # An update of the same key
     if new_key.fingerprint == old_key.fingerprint:
-        # XXX wich one is newer? is that a downgrade attack? (#6210)
         return True
 
     # Manually verified fingerprint
@@ -81,11 +80,10 @@ def can_upgrade(new_key, old_key):
         return True
 
     # Expired key and higher validation level
-    if old_key.expiry_date:
-        old_expiry_date = datetime.fromtimestamp(int(old_key.expiry_date))
-        if (old_expiry_date < datetime.now() and
-                new_key.validation >= old_key.validation):
-            return True
+    if (old_key.expiry_date is not None and
+            old_key.expiry_date < datetime.now() and
+            new_key.validation >= old_key.validation):
+        return True
 
     # No expiration date and higher validation level
     elif new_key.validation >= old_key.validation:
author	drebs <drebs@leap.se>	2014-11-10 16:18:17 -0200
committer	drebs <drebs@leap.se>	2014-11-10 16:18:17 -0200
commit	27776fbab6fe963082a882dfb5232c54b0195d5f (patch)
tree	51780a96c6df649ce0245ce4c63a5fe9a530649b /src/leap/keymanager/validation.py
parent	a5cf287dabc77b7172c2f058696cee1024ea3297 (diff)
parent	c223cca848e854d0015314ef517a6a4f928a2d0a (diff)