GNU bug report logs - #56137
OpenSSL 1.1.1n test failures due to expired certificates (time bomb)

Previous Next

Full log

Message #18 received at 56137-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: 56137-done <at> debbugs.gnu.org, phodina <phodina <at> protonmail.com>
Subject: Re: bug#56137: OpenSSL 3.0.3/1.1.1n includes a time-dependent test
Date: Fri, 24 Jun 2022 16:47:37 +0200

Maxime Devos <maximedevos <at> telenet.be> skribis:

> Ludovic Courtès schreef op wo 22-06-2022 om 12:39 [+0200]:
>> That commit skips the test.  I tried another approach with ‘datefudge’,
>> which has the advantage of being more explicit and future-proof (should
>> there be similar issues lying around):
>> 
>>                (invoke "datefudge" "2022-01-01"
>>                        "make" test-target
>>                        #$@(if (or (target-arm?) (target-riscv64?))
>>                               #~("TESTS=-test_afalg")
>>                               #~()))
>
> Looking at <https://github.com/openssl/openssl/issues/15179>,
> upsteam just replaces the certificates when these things happen, so
> there could easily be more time bombs.  As such, WDYT of removing _all_
> the certs in tests/certs for robustness, maybe generating them locally
> with test/smime-certs/mksmime-certs.sh?

That’s an option, but it might be trickier than it seems?  Or is it
really just about running that script?

I thought it’d be easier and more robust to use ‘datefudge’ or similar
because it’d amount to freezing things in time (GnuTLS does that in its
test suite).  It didn’t work for some reason but it might be worth
investigating.

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.