
pshtt and sslyze appear to be inconsistent with respect to certificate expiration #181

@jsf9k


@dav3r noticed that if he performs the MongoDB queries db.https_scan.find({'latest':True, 'https_expired_cert':True}) and db.sslyze_scan.find({'latest':True, 'not_after':{'$lte':util.utcnow()}}) then he gets different answers. Specifically, the first query returns more results.

While sslyze is just saving the "not after" data directly from the certificate, pshtt is performing a bit of analysis to obtain its result. One thought is that perhaps this logic causes https_expired_cert to be True when there is an expired cert up the chain. Even if this logic is valid, this discrepancy between pshtt and sslyze needs to be understood.

CC: @dav3r, @KyleEvers
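
One way to triage the discrepancy described above, as an added example that is not part of the original issue or of the pshtt/sslyze code: it joins the two result sets and buckets each host by how the two expiry signals relate. The `domain` join key, the fixed `NOW` timestamp and all sample documents are assumptions constructed for illustration; only `latest`, `https_expired_cert` and `not_after` come from the queries in the issue.

```python
from datetime import datetime, timezone

UTC = timezone.utc
NOW = datetime(2019, 6, 1, tzinfo=UTC)  # constructed stand-in for util.utcnow()

# Constructed sample documents; "domain" as the join key is an assumption.
HTTPS_SCAN = [
    {"domain": "a.example.gov", "latest": True, "https_expired_cert": True},
    {"domain": "b.example.gov", "latest": True, "https_expired_cert": True},
    {"domain": "c.example.gov", "latest": True, "https_expired_cert": True},
    {"domain": "d.example.gov", "latest": True, "https_expired_cert": False},
    {"domain": "e.example.gov", "latest": False, "https_expired_cert": True},
]
SSLYZE_SCAN = [
    {"domain": "a.example.gov", "latest": True, "not_after": datetime(2019, 5, 1, tzinfo=UTC)},
    {"domain": "b.example.gov", "latest": True, "not_after": datetime(2020, 1, 1, tzinfo=UTC)},
    {"domain": "d.example.gov", "latest": True, "not_after": datetime(2019, 4, 1, tzinfo=UTC)},
]


def reconcile(https_docs, sslyze_docs, now):
    """Bucket each domain by how pshtt's flag and sslyze's leaf not_after relate."""
    flagged = {d["domain"] for d in https_docs
               if d["latest"] and d["https_expired_cert"]}
    # Earliest leaf not_after per domain among the latest sslyze records
    # (a domain may have more than one record).
    leaf = {}
    for d in sslyze_docs:
        if d["latest"]:
            prev = leaf.get(d["domain"])
            leaf[d["domain"]] = d["not_after"] if prev is None else min(prev, d["not_after"])
    leaf_expired = {dom for dom, not_after in leaf.items() if not_after <= now}
    return {
        "both_expired": sorted(flagged & leaf_expired),
        # Flagged by pshtt although the stored leaf date is still in the future:
        # the bucket in which to test the expired-cert-up-the-chain hypothesis.
        "pshtt_only_leaf_valid": sorted(flagged & (set(leaf) - leaf_expired)),
        # Flagged by pshtt with no sslyze record at all: a coverage gap,
        # not a disagreement about the certificate.
        "pshtt_only_no_sslyze_record": sorted(flagged - set(leaf)),
        "sslyze_only": sorted(leaf_expired - flagged),
    }


if __name__ == "__main__":
    for bucket, domains in reconcile(HTTPS_SCAN, SSLYZE_SCAN, NOW).items():
        print(f"{bucket}: {domains}")
```

Separating the "no sslyze record" bucket from the "leaf still valid" bucket shows how much of the count difference is missing scan coverage rather than a difference in expiry logic.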


Labels: bug
