Timebombs in testsuite
Simon Josefsson
simon at josefsson.org
Thu Oct 29 09:02:34 CET 2009
Andreas Metzler <ametzler at downhill.at.eu.org> writes:
> Hello,
>
> I have just seen that 2.8.4 cannot be built (well checked) successfull
> anymore, since a certificate expired 2009-10-19. (This is fixed in
> 2.8.5 prerelease). I think this is the third time something like this
> happened, and browsing over the buildlog the next instances will happen
> soon:
...
> Can these be handled proactively before they actually break?
Good point. I'm thinking of using something like the patch below.
Thoughts?
/Simon
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 19b27eb..13d4710 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -32,6 +32,21 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+/* GnuTLS internally calls time() to find out the current time when
+ verifying certificates. To avoid a time bomb, we hard code the
+ current time. This should work fine on systems where the library
+ call to time is resolved at run-time. */
+time_t
+time (time_t *t)
+{
+ time_t then = 1256803113;
+
+ if (t)
+ *t = then;
+
+ return then;
+}
+
/* *INDENT-OFF* */
/* Triggers incorrect verification success on older versions */
More information about the Gnutls-devel
mailing list