[gnutls-devel] GnuTLS | Improve time adjustment logic in tests (!1754)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun Jul 9 11:29:13 CEST 2023
Andreas Metzler commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1754#note_1462662293
Daiki Ueno @dueno wrote
> Yeah, I see the similar issue even with datefudge with the current git master, with make check TESTS=TESTS=ocsp-tests/ocsp-must-staple-connection.sh. Then pgrep gnutls-serv reports 10 processes are still running.
> In this MR, I changed to call the datefudge command line with exec, but it might not work with faketime.
tests/ocsp-tests/ocsp-must-staple-connection.sh in this changed version aborts during "Test 5: Server with valid certificate - expired staple", code after
https://gitlab.com/dueno/gnutls/-/blob/wip/dueno/faketime/tests/ocsp-tests/ocsp-must-staple-connection.sh#L311
```sh
gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \
${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2
```
is not executed. Afaui at this point the shell execs datefudge, replacing tests/ocsp-tests/ocsp-must-staple-connection.sh (and wrongly returns SUCCESS).
At this point I am fairly convinced we need to either use a wrapper script or
1. instead of defining FAKETIME_F have FAKETIME_F_OPT (as either "-s" or "-f"),
2. completely dropping gnutls_timewrapper_standalone() and
3. having the actual test scipts run `$FAKETIME` (instead of `gnutls_timewrapper_standalone`) and `$FAKETIME ${FAKETIME_F_OPT}` (instead of `gnutls_timewrapper_standalone static`)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1754#note_1462662293
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20230709/dc1fbdeb/attachment.html>
More information about the Gnutls-devel
mailing list