Skip to content

UTC-aware datetime/cryptography.x509 modernization; python >= 3.12, cryptography.x509 >= 42.0.0#211

Open
jimmbelll wants to merge 1 commit intoalexa:masterfrom
jimmbelll:jimmbelll-patch-py3.13-utc
Open

UTC-aware datetime/cryptography.x509 modernization; python >= 3.12, cryptography.x509 >= 42.0.0#211
jimmbelll wants to merge 1 commit intoalexa:masterfrom
jimmbelll:jimmbelll-patch-py3.13-utc

Conversation

@jimmbelll
Copy link

@jimmbelll jimmbelll commented Jan 18, 2026

Description, Motivation and Context

Review these versions carefully.

cryptography.x509 deprecates not_valid_before and not_valid_after, replacing them with the UTC-aware not_valid_before_utc and not_valid_after_utc which were added in 42.0.0.

Further, Python's built-in datetime.datetime.utcnow() is deprecated since 3.12, replaced by now(datetime.UTC). Constant datetime.UTC was added in 3.11.

Further still, x509's not_valid_before_utc/not_valid_after_utc return UTC-aware datetime objects, which don't compare with the UTC-unaware values returned from utcnow(). Comparing the two fails:

TypeError: can't compare offset-naive and offset-aware datetimes

Debian trixie (13.3) stocks python 3.13.5, which motivates these changes.

These warnings indicate that this change is required:

CryptographyDeprecationWarning: Properties that return a naïve datetime object
  have been deprecated. Please switch to not_valid_before_utc.

CryptographyDeprecationWarning: Properties that return a naïve datetime object
  have been deprecated. Please switch to not_valid_after_utc.

Another indication:

>>> x = datetime.datetime.utcnow()
<python-input-3>:1: DeprecationWarning: datetime.datetime.utcnow() is deprecated
  and scheduled for removal in a future version. Use timezone-aware objects to
  represent datetimes in UTC:
    datetime.datetime.now(datetime.UTC).

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • My code follows the code style of this project
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
  • I have read the README document
  • I have added tests to cover my changes
  • All new and existing tests passed

License

  • By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@jimmbelll
Python cryptography.x509 and datetime use UTC for python >= 3.12.
f9860ee 
Python's cryptography.x509 library gives CryptographyDeprecationWarning, requesting a switch to not_valid_before_utc and not_valid_after_utc.

Further, Python's built-in datetime.datetime.utcnow() is deprecated since python 3.12, replaced by now(datetime.UTC).

These changes are required for Debian trixie's stock python 3.13.5.

https://docs.python.org/3/library/datetime.html#datetime.datetime.now
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jimmbelll