2.7.12 test suite error on chainverify
Simon Josefsson
simon at josefsson.org
Mon May 25 10:05:27 CEST 2009
Andreas Metzler <ametzler at downhill.at.eu.org> writes:
> Hello,
>
> The chainverify test does not complete successfully anymore.
>
> This is rather strange, it worked two days ago (on the 21st).
>
> Strange data points:
> * This is not limited to my local system.
> * Neither build-depencies nor toolchain (gcc, g++, binutils) nor
> kernel has changed.
> * I still had the build tree of 2.7.11 including all binaries from
> 2009-05-19. If I run this old chainverify binary I still get the
> error.
> * It fails both on up to date Debian sid and Debian lenny.
>
> The only thing I can think of that has changed for sure is the date.
> Hmm. Is this the cause?
>
> Chain 'v1ca ok' (15)...
> Adding certificate 0...done
> Certificate 0: subject `C=US,ST=Illinois,L=Du Page,O=Argonne
> National Laboratory,CN=auth2.it.anl.gov', issuer `C=US,O=VeriSign\,
> Inc.,OU=VeriSign Trust Network,OU=Terms of use at
> https://www.verisign.com/rpa (c)05,CN=VeriSign Class 3 Secure Server
> CA', RSA key 1024 bits, signed using RSA-SHA, activated `2008-05-05
> 00:00:00 UTC', expires `2009-05-22 23:59:59 UTC', SHA-1 fingerprint
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Indeed, that certificate just expired. I have split the test into two,
one that should fail due to an expired certificate, and one with a flag
to disable activation time checks that should succeed. There was
another similar one too.
Thanks,
/Simon
More information about the Gnutls-devel
mailing list