From 8bb6d2f067a5a1aa63a62ae0ffd4b9cbb7f9d3af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20V=C4=8Del=C3=A1k?= <jvcelak@ns1.com>
Date: Thu, 8 Jul 2021 16:55:39 +0200
Subject: fix comparing record TTL and RRSIG expiration time

---
 dnsviz/analysis/status.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dnsviz/analysis/status.py b/dnsviz/analysis/status.py
index 2fd5f09..f63c5fa 100644
--- a/dnsviz/analysis/status.py
+++ b/dnsviz/analysis/status.py
@@ -279,7 +279,7 @@ class RRSIGStatus(object):
             if self.validation_status == RRSIG_STATUS_VALID:
                 self.validation_status = RRSIG_STATUS_EXPIRED
             self.errors.append(Errors.ExpirationInPast(expiration=fmt.timestamp_to_datetime(self.rrsig.expiration), reference_time=fmt.timestamp_to_datetime(self.reference_ts)))
-        elif self.reference_ts + min_ttl >= self.rrsig.expiration:
+        elif self.reference_ts + min_ttl > self.rrsig.expiration:
             self.errors.append(Errors.TTLBeyondExpiration(expiration=fmt.timestamp_to_datetime(self.rrsig.expiration), rrsig_ttl=min_ttl, reference_time=fmt.timestamp_to_datetime(self.reference_ts)))
         elif self.reference_ts + CLOCK_SKEW_WARNING >= self.rrsig.expiration:
             self.warnings.append(Errors.ExpirationWithinClockSkew(expiration=fmt.timestamp_to_datetime(self.rrsig.expiration), reference_time=fmt.timestamp_to_datetime(self.reference_ts)))
-- 
cgit v1.2.3