From f1828d39a76ddba3c807f1056165176c4a2f0731 Mon Sep 17 00:00:00 2001
From: Nathan Woodburn <github@nathan.woodburn.au>
Date: Sat, 1 Feb 2025 18:36:26 +1100
Subject: [PATCH] fix: Update to use UTC time for cert expiry and ignore
 verification errors

---
 domainLookup.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/domainLookup.py b/domainLookup.py
index 268011d..cbe454b 100644
--- a/domainLookup.py
+++ b/domainLookup.py
@@ -9,6 +9,9 @@ import dns.asyncresolver
 import httpx
 from requests_doh import DNSOverHTTPSSession, add_dns_provider
 import requests
+import urllib3
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # Disable insecure request warnings (since we are manually verifying the certificate)
 
 def hip2(domain: str):
     domain_check = False
@@ -75,9 +78,9 @@ def hip2(domain: str):
                                 break
         
 
-            expiry_date = cert_obj.not_valid_after
+            expiry_date = cert_obj.not_valid_after_utc
             # Check if expiry date is past
-            if expiry_date < datetime.datetime.now():
+            if expiry_date < datetime.datetime.now(datetime.timezone.utc):
                 return "Hip2: Certificate is expired"