Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend test CA validity to 2049 #725

Closed
wants to merge 1 commit into from

Conversation

bmwiedemann
Copy link
Contributor

Extend test CA validity to 2049
so that tests do not fail after 2025

Background:
As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future.
The usual offset is +15 years, because that is how long I expect some software will be used in some places.
This showed up failing tests in our memcached package build tests.

Tests failed thus:

 #   Failed test 'client cert is verified'
 #   at ./t/ssl_verify_modes.t line 20.
 #          got: undef
 #     expected: '1'
 # Looks like you failed 1 test of 1.
 ./t/ssl_verify_modes.t ........

Below is a diff of certtool -i

 Root Certificate Authority
        Validity:
-               Not Before: Thu May 14 22:11:49 UTC 2020
-               Not After: Tue May 13 22:11:49 UTC 2025
+               Not Before: Sat Oct 10 17:49:30 UTC 2020
+               Not After: Fri Dec 31 17:49:32 UTC 2049

This PR was done while working on reproducible builds for openSUSE.

@dormando
Copy link
Member

thanks! interesting change.

can you also update t/README-TLS.md - which includes instructions on re-generating the files? A note for why they're used for so long would be best too

@bmwiedemann
Copy link
Contributor Author

I updated the README-TLS and used the commands to create certs with 500y validity. My tests showed that every test now passes in 2035 (both x86_64 and i586).

below is a diff of certtool -i

 Root Certificate Authority
        Validity:
-               Not Before: Thu May 14 22:11:49 UTC 2020
-               Not After: Tue May 13 22:11:49 UTC 2025
+               Not Before: Tue Oct 27 03:04:55 UTC 2020
+               Not After: Fri Jun 28 03:04:55 UTC 2520

This PR was done while working on reproducible builds for openSUSE.
@dormando
Copy link
Member

No complaints! merged this up for the next release. Thanks for taking the time.

@dormando
Copy link
Member

released in 1.6.9!

@dormando dormando closed this Nov 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants