test2043: use revoked.badssl.com instead of revoked.grc.com#5233
test2043: use revoked.badssl.com instead of revoked.grc.com#5233mback2k wants to merge 1 commit intocurl:masterfrom
Conversation
The certificate of revoked.grc.com has expired on 2020-04-13.
jay
left a comment
jay
left a comment
There was a problem hiding this comment.
The certificate of revoked.grc.com has expired on 2020-04-13.
I'm sure they'll fix that but the change is fine with me.
|
Let’s wait till tomorrow and if it’s not fixed by then, I will merge this PR. |
bagder
left a comment
bagder
left a comment
There was a problem hiding this comment.
I wish we had a local test for this instead of using a live out-of-our-control remote server...
|
We would need to generate a CA including CRL, should be possible statically or dynamically, but would require some extra work on systems there the OS certificate store is used. |
|
Still, we've at least traditionally have had users run the test suite on machines without internet access, we might be causing undesired traffic to this site and we may at times get undesired test failures. |
|
The test as it is now only applies to WinSSL. If the --cacert option is used with a local CA with no revocation information (CRL, AIA, ???) then it should fail unless --ssl-no-revoke is used. |
|
@bagder: I am with you. I was completely surprised that this test case relies on some online service. This also leaks information about test suits users to that online service. |
|
I did it. At the time there was no way to test --ssl-no-revoke with WinSSL since there was no support for user-specified CAs, so I settled on an internet server. |
|
Yes I'm fine with that. |
3 participants
The certificate of revoked.grc.com has expired on 2020-04-13.