Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test2043: use revoked.badssl.com instead of revoked.grc.com #5233

Closed
wants to merge 1 commit into from

Conversation

@mback2k
Copy link
Member

mback2k commented Apr 13, 2020

The certificate of revoked.grc.com has expired on 2020-04-13.

The certificate of revoked.grc.com has expired on 2020-04-13.
@mback2k mback2k added the tests label Apr 13, 2020
@mback2k mback2k requested a review from bagder Apr 13, 2020
@mback2k mback2k self-assigned this Apr 13, 2020
@mback2k mback2k requested a review from jay Apr 13, 2020
@jay
jay approved these changes Apr 13, 2020
Copy link
Member

jay left a comment

The certificate of revoked.grc.com has expired on 2020-04-13.

I'm sure they'll fix that but the change is fine with me.

@mback2k
Copy link
Member Author

mback2k commented Apr 13, 2020

Let’s wait till tomorrow and if it’s not fixed by then, I will merge this PR.

Copy link
Member

bagder left a comment

I wish we had a local test for this instead of using a live out-of-our-control remote server...

@mback2k
Copy link
Member Author

mback2k commented Apr 13, 2020

We would need to generate a CA including CRL, should be possible statically or dynamically, but would require some extra work on systems there the OS certificate store is used.

@bagder
Copy link
Member

bagder commented Apr 13, 2020

Still, we've at least traditionally have had users run the test suite on machines without internet access, we might be causing undesired traffic to this site and we may at times get undesired test failures.

@jay
Copy link
Member

jay commented Apr 13, 2020

The test as it is now only applies to WinSSL. If the --cacert option is used with a local CA with no revocation information (CRL, AIA, ???) then it should fail unless --ssl-no-revoke is used.

@mback2k
Copy link
Member Author

mback2k commented Apr 13, 2020

@bagder: I am with you. I was completely surprised that this test case relies on some online service. This also leaks information about test suits users to that online service.

@jay
Copy link
Member

jay commented Apr 13, 2020

I did it. At the time there was no way to test --ssl-no-revoke with WinSSL since there was no support for user-specified CAs, so I settled on an internet server.

@mback2k
Copy link
Member Author

mback2k commented Apr 14, 2020

@jay @bagder thanks for your input, but for now it would be okay to merge this to get the test going again, right?

@bagder
Copy link
Member

bagder commented Apr 14, 2020

Yes I'm fine with that.

@mback2k mback2k closed this in a6f7b2f Apr 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.