2.7.12 test suite error on chainverify

Simon Josefsson simon at josefsson.org
Mon May 25 10:05:27 CEST 2009


Andreas Metzler <ametzler at downhill.at.eu.org> writes:

> Hello,
>
> The chainverify test does not complete successfully anymore. 
>
> This is rather strange, it worked two days ago (on the 21st).
>
> Strange data points:
>  * This is not limited to my local system.
>  * Neither build-depencies nor toolchain (gcc, g++, binutils) nor
>    kernel has changed.
>  * I still had the build tree of 2.7.11 including all binaries from
>    2009-05-19. If I run this old chainverify binary I still get the
>    error.
>  * It fails both on up to date Debian sid and Debian lenny.
>
> The only thing I can think of that has changed for sure is the date.
> Hmm. Is this the cause?
>
> Chain 'v1ca ok' (15)...
>    Adding certificate 0...done
>    Certificate 0: subject `C=US,ST=Illinois,L=Du Page,O=Argonne
>    National Laboratory,CN=auth2.it.anl.gov', issuer `C=US,O=VeriSign\,
>    Inc.,OU=VeriSign Trust Network,OU=Terms of use at
>    https://www.verisign.com/rpa (c)05,CN=VeriSign Class 3 Secure Server
>    CA', RSA key 1024 bits, signed using RSA-SHA, activated `2008-05-05
>    00:00:00 UTC', expires `2009-05-22 23:59:59 UTC', SHA-1 fingerprint
>                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Indeed, that certificate just expired.  I have split the test into two,
one that should fail due to an expired certificate, and one with a flag
to disable activation time checks that should succeed.  There was
another similar one too.

Thanks,
/Simon





More information about the Gnutls-devel mailing list