[gnutls-devel] GnuTLS | Improve time adjustment logic in tests (!1754)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Jul 9 11:29:13 CEST 2023 



Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1754#note_1462662293


Daiki Ueno @dueno wrote
> Yeah, I see the similar issue even with datefudge with the current git master, with make check TESTS=TESTS=ocsp-tests/ocsp-must-staple-connection.sh. Then pgrep gnutls-serv reports 10 processes are still running.

> In this MR, I changed to call the datefudge command line with exec, but it might not work with faketime.

tests/ocsp-tests/ocsp-must-staple-connection.sh in this changed version aborts during "Test 5: Server with valid certificate - expired staple", code after 
https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/faketime/tests/ocsp-tests/ocsp-must-staple-connection.sh#L311
```sh
gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \
 	${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2 
```
is not executed. Afaui at this point the shell execs datefudge, replacing tests/ocsp-tests/ocsp-must-staple-connection.sh (and wrongly returns SUCCESS).

At this point I am fairly convinced we need to either use a wrapper script or 
1. instead of defining FAKETIME_F have FAKETIME_F_OPT (as either "-s" or "-f"),
2. completely dropping gnutls_timewrapper_standalone() and
3. having the actual test scipts run `$FAKETIME` (instead of `gnutls_timewrapper_standalone`) and `$FAKETIME ${FAKETIME_F_OPT}` (instead of `gnutls_timewrapper_standalone static`)

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1754#note_1462662293
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230709/dc1fbdeb/attachment.html>

More information about the Gnutls-devel mailing list