From e23f3f8726772aa2655586ac0753b4b36247fe34 Mon Sep 17 00:00:00 2001
From: "Peter J. Holzer" <hjp@hjp.at>
Date: Sun, 20 Nov 2022 18:46:39 +0100
Subject: [PATCH] Report errors as "just expired"

---
 clients/report_tlscert | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/clients/report_tlscert b/clients/report_tlscert
index 382180d..a81633c 100755
--- a/clients/report_tlscert
+++ b/clients/report_tlscert
@@ -23,11 +23,14 @@ report0 = []
 
 with socket.create_connection((args.hostname, args.port)) as sock:
     context = ssl.create_default_context()
-    with context.wrap_socket(sock, server_hostname=args.hostname) as ssock:
-        cert = ssock.getpeercert()
-        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
-        delta = not_after - now
-        report0.append({ "measure": "tls_cert_ttl", "unit": "s", "value": delta })
+    try:
+        with context.wrap_socket(sock, server_hostname=args.hostname) as ssock:
+            cert = ssock.getpeercert()
+            not_after = ssl.cert_time_to_seconds(cert["notAfter"])
+            delta = not_after - now
+    except ssl.SSLCertVerificationError:
+        delta = 0
+    report0.append({ "measure": "tls_cert_ttl", "unit": "s", "value": delta })
 
 report = [
     {