From da8b466e70ccdee9597db2270a254d9eadd6909d Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Thu, 14 Jun 2018 20:58:45 +0200
Subject: [PATCH] Fix: Do not list expired certificates

as already documented in help text

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 cmd/helpers.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmd/helpers.go b/cmd/helpers.go
index 6199412..eda5b77 100644
--- a/cmd/helpers.go
+++ b/cmd/helpers.go
@@ -36,6 +36,12 @@ func fetchCertificateBySerial(serial string) (*x509.Certificate, bool, error) {
 
 	data, _ := pem.Decode([]byte(cs.Data["certificate"].(string)))
 	cert, err := x509.ParseCertificate(data.Bytes)
+
+	if cert.NotAfter.Before(time.Now()) {
+		// Hide expired certs (they will not get the revoke-timestamp set on revoke)
+		revoked = true
+	}
+
 	return cert, revoked, err
 }