From db0c4afed561641c5be055f47536eaa2a7cd00da Mon Sep 17 00:00:00 2001
From: Jonathan Hess <hessjc@google.com>
Date: Tue, 24 Jun 2025 13:21:56 -0600
Subject: [PATCH] fix: Use either x509.not_valid_after_utc or if it does not
 exist, x509.not_valid_after

---
 google/cloud/sql/connector/client.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/google/cloud/sql/connector/client.py b/google/cloud/sql/connector/client.py
index 2e1fbc20d..a459c62ac 100644
--- a/google/cloud/sql/connector/client.py
+++ b/google/cloud/sql/connector/client.py
@@ -234,7 +234,14 @@ async def _get_ephemeral(
         x509 = load_pem_x509_certificate(
             ephemeral_cert.encode("UTF-8"), default_backend()
         )
-        expiration = x509.not_valid_after_utc
+
+        if 'not_valid_after_utc' in x509:
+            expiration = x509.not_valid_after_utc
+        elif 'not_valid_after' in x509:
+            expiration = x509.not_valid_after
+        else:
+            expiration = datetime.MINYEAR
+
         # for IAM authentication OAuth2 token is embedded in cert so it
         # must still be valid for successful connection
         if enable_iam_auth: