Timebombs in testsuite
ametzler at downhill.at.eu.org
Sun Nov 1 13:34:36 CET 2009
On 2009-10-29 Simon Josefsson <simon at josefsson.org> wrote:
> Andreas Metzler <ametzler at downhill.at.eu.org> writes:
[cert expiry timebomb]
> > Can these be handled proactively before they actually break?
> Good point. I'm thinking of using something like the patch below.
> diff --git a/tests/chainverify.c b/tests/chainverify.c
> index 19b27eb..13d4710 100644
> --- a/tests/chainverify.c
> +++ b/tests/chainverify.c
> @@ -32,6 +32,21 @@
> #include <gnutls/gnutls.h>
> #include <gnutls/x509.h>
> +/* GnuTLS internally calls time() to find out the current time when
> + verifying certificates. To avoid a time bomb, we hard code the
> + current time. This should work fine on systems where the library
> + call to time is resolved at run-time. */
> +time (time_t *t)
> + time_t then = 1256803113;
> + if (t)
> + *t = then;
> + return then;
> /* *INDENT-OFF* */
> /* Triggers incorrect verification success on older versions */
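Review bot: The time() override added near the top of tests/chainverify.c only takes effect where the library's call to time is resolved at run-time, as the new comment itself admits; anywhere else the test silently uses the real clock and the expiry timebomb is still armed. Consider making that case visible, for example by having the override set a flag and letting the test skip or fail loudly if the flag was never set during verification. The constant 1256803113 also needs a comment giving the date it encodes (2009-10-29 UTC), so a later reader can check it against the validity periods of the test certificates.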
Works for me. Applied and uploaded to Debian.
thanks, cu andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'