always revoke the certificate, even if it is already expired

[stack/cam.git] / cam / main.py

diff --git a/cam/main.py b/cam/main.py
index 538697e..a925df3 100755 (executable)
--- a/cam/main.py
+++ b/cam/main.py
@@ -87,8 +87,18 @@ def main():
             print c.public_key_file
             print c.private_key_file
         elif cmd == 'list':
+            now = time.time()
             for cert in sorted(certs, key=lambda x: x.name):
-                print cert.name, cert.cn, cert.get_expiration_date()
+                expiry = cert.get_expiration_date()
+                state = 'OK'
+                expiry_str = ''
+                if not expiry:
+                    state = 'MISSING'
+                else:
+                    if expiry < now:
+                        state = 'EXPIRED'
+                    expiry_str = time.strftime('%Y/%m/%d', time.gmtime(expiry))
+                print cert.name, cert.cn, state, expiry_str
         elif cmd == 'fp' or cmd == 'fingerprint':
             if len(args) > 0:
                 certs = [find_cert(certs, x) for x in args]