GNU bug report logs - #56137
OpenSSL 1.1.1n test failures due to expired certificates (time bomb)

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Wed, 22 Jun 2022 09:59:02 UTC

Severity: important

Merged with 58650, 60821

Full log

View this message in rfc822 format

From: Maxime Devos <maximedevos <at> telenet.be>
To: Ludovic Courtès <ludo <at> gnu.org>,  56137-done <at> debbugs.gnu.org
Cc: phodina <phodina <at> protonmail.com>
Subject: bug#56137: OpenSSL 3.0.3/1.1.1n includes a time-dependent test
Date: Wed, 22 Jun 2022 12:49:51 +0200

[Message part 1 (text/plain, inline)]
Ludovic Courtès schreef op wo 22-06-2022 om 12:39 [+0200]:
> That commit skips the test.  I tried another approach with ‘datefudge’,
> which has the advantage of being more explicit and future-proof (should
> there be similar issues lying around):
> 
>                (invoke "datefudge" "2022-01-01"
>                        "make" test-target
>                        #$@(if (or (target-arm?) (target-riscv64?))
>                               #~("TESTS=-test_afalg")
>                               #~()))

Looking at <https://github.com/openssl/openssl/issues/15179>,
upsteam just replaces the certificates when these things happen, so
there could easily be more time bombs.  As such, WDYT of removing _all_
the certs in tests/certs for robustness, maybe generating them locally
with test/smime-certs/mksmime-certs.sh?

Greetings,
Maxime.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 2 years and 64 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.