[gnutls-devel] gnutls 2.12.23 - chainverify testsuite failure on amd64

Andreas Metzler ametzler at bebt.de
Sun Apr 27 20:10:56 CEST 2014

On 2014-04-27 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Sun, 2014-04-27 at 17:09 +0200, Andreas Metzler wrote:
>> gnutls 2.12.23 has recently started failing the chainverify test on
>> amd64 (i386 works):
>> ------------------------
>> (sid-AMD64)ametzler at argenau:/tmp/GNUTLS/gnutls-2.12.23$ ./tests/chainverify ; echo $?
>> chain[cacertrsamd5 ok]: verify_status: 1026 expected: 0
>> 1
>> ------------------------

>> Any idea? --verbose attached.

> Hello Andreas,
>  1024+2 is an expiration failure. There may be some check in that
> version that isn't time-independent. Could it be that i386 and amd64
> have different time?

Hello Nikos,
It is the same machine, different chroot. ;-) However the hint seems
to be a good one:

* The test succeeds with "datefudge '@1256803113' tests/chainverify".
* gnutls3 works
* Comparing chainverify in 2.12 with GIT master shows that the latter is
  using gnutls_global_set_time().

Looking at git head one sees that while gnutls_global_set_time was
added not only in master but also in gnutls_2_12_x, however
c0d9ae7f9444e828b17f68d34361ea9fe77fe6a0 in gnutls_2_12_x is missing
the changes to tests/chainverify which
6a125fea8d4ddb545a6c88dbab04b6ac26c183ab includes.

Adding this missing piece (see attachment) seems to work. Am I missing

cu Andreas

`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: use_gnutls_global_set_time.diff
Type: text/x-diff
Size: 604 bytes
Desc: not available
URL: </pipermail/attachments/20140427/2e8e8484/attachment.diff>

More information about the Gnutls-devel mailing list