-
Notifications
You must be signed in to change notification settings - Fork 421
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
certificate verify fails in 2020-01-01 #735
Comments
Also it's possible to set time parameter of X509 store and context to use it to verify certificate instead of current time. |
I am testing with python-pyOpenSSL-18.0.0 on openSUSE Tumbleweed. |
same problem with 19.0.0 |
We would accept a patch to fix this. |
bmwiedemann
changed the title
certificate verify fails in 2030
certificate verify fails in 2020
Feb 28, 2019
bmwiedemann
changed the title
certificate verify fails in 2020
certificate verify fails in 2020-01-01
Feb 28, 2019
bmwiedemann
added a commit
to bmwiedemann/pyopenssl
that referenced
this issue
Apr 12, 2019
Without this patch, TestX509StoreContext.test_valid and 5 other tests would fail after 2020-01-01 Fixes pyca#735 This PR was done while working on reproducible builds for openSUSE.
bmwiedemann
added a commit
to bmwiedemann/pyopenssl
that referenced
this issue
Jul 3, 2019
Without this patch, TestX509StoreContext.test_valid and 5 other tests would fail after 2020-01-01 Fixes pyca#735 This PR was done while working on reproducible builds for openSUSE.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
For reproducible builds we need to test if software builds still produce the same result when building it later. However, for pyOpenSSL this is currently not possible, because parts of the testsuite fail with
failing tests are
TestX509StoreContext.test_valid
TestX509StoreContext.test_reuse
TestX509StoreContext.test_modification_pre_verify
TestContext.test_add_extra_chain_cert
TestContext.test_use_certificate_chain_file_bytes
TestContext.test_use_certificate_chain_file_unicode
Also, independently of that, as a Linux distribution, we want to be able to ship updated versions of packages with added patches (even when upstream support expired) for up to 15 years.
possible approaches:
The text was updated successfully, but these errors were encountered: