From 8963dac3bc52fba50f82676cdfccd1e6dddcbc7b Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Tue, 19 May 2026 18:25:05 +0200
Subject: [PATCH] enterprise/stages/mtls: attempt fix freezegun

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/enterprise/stages/mtls/stage.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/authentik/enterprise/stages/mtls/stage.py b/authentik/enterprise/stages/mtls/stage.py
index c28b1e04eb..c9cae16a90 100644
--- a/authentik/enterprise/stages/mtls/stage.py
+++ b/authentik/enterprise/stages/mtls/stage.py
@@ -14,6 +14,7 @@ from cryptography.x509 import (
     load_pem_x509_certificate,
 )
 from cryptography.x509.verification import PolicyBuilder, Store, VerificationError
+from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from rest_framework.exceptions import PermissionDenied
 
@@ -138,9 +139,9 @@ class MTLSStageView(ChallengeStageView):
         authorities_cert = [x.certificate for x in authorities]
         for _cert in certs:
             try:
-                PolicyBuilder().store(Store(authorities_cert)).build_client_verifier().verify(
-                    _cert, []
-                )
+                PolicyBuilder().store(Store(authorities_cert)).time(
+                    now()
+                ).build_client_verifier().verify(_cert, [])
                 return _cert
             except (
                 InvalidSignature,