[gnutls-devel] gnutls build fails depending on timezone

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[gnutls-devel] gnutls build fails depending on timezone

Andreas Metzler-3
Hello,

Thorsten Glaser has found the following issue with gnutls 3.5.8,
reported as <http://bugs.debian.org/853732>:

----- Forwarded message from Thorsten Glaser <[hidden email]> -----
[...]
The build fails in the pkcs7 testsuite because of a wrong date;
the testsuite fudges to 2038-10-12 00:00:00 localtime:

(pbuild22064)root@tglase:/tmp/buildd/gnutls28-3.5.8 # openssl x509 -noout -text -in doc/credentials/x509/ca.pem | fgrep Not
            Not Before: May 28 08:36:30 2011 GMT
            Not After : Oct 12 08:36:33 2038 GMT

The fix is easy:

--- /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7~ 2017-01-31 10:37:42.041736473 +0000
+++ /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7 2017-01-31 10:39:00.490675092 +0000
@@ -74,7 +74,7 @@
 fi
 
 # check validation with date after intermediate cert issuance
-datefudge -s "2038-10-12" \
+datefudge -s "2038-10-12 08:36:34 UTC" \
 ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
 rc=$?
[...]
----- End forwarded message -----

For simplicity's sake I'd simply go for datefudge -s "2038-10-13". ;-)

I could not reproduce the build-error on amd64, but the Gnutls bug is
obvious.

On amd64 this correctly succeeds...
datefudge -s "2038-01-19" src/certtool --inder --p7-verify --load-ca-certificate ./doc/credentials/x509/ca.pem --infile ./tests/cert-tests/data/full.p7b
... and this wrongly fails:
datefudge -s "2038-01-20" src/certtool --inder --p7-verify --load-ca-certificate ./doc/credentials/x509/ca.pem --infile ./tests/cert-tests/data/full.p7b

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [gnutls-devel] gnutls build fails depending on timezone

Nikos Mavrogiannopoulos
On Wed, Feb 1, 2017 at 7:20 PM, Andreas Metzler <[hidden email]> wrote:

> Hello,
> Thorsten Glaser has found the following issue with gnutls 3.5.8,
> reported as <http://bugs.debian.org/853732>:
>
> ----- Forwarded message from Thorsten Glaser <[hidden email]> -----
> [...]
> The build fails in the pkcs7 testsuite because of a wrong date;
> the testsuite fudges to 2038-10-12 00:00:00 localtime:
>
> (pbuild22064)root@tglase:/tmp/buildd/gnutls28-3.5.8 # openssl x509 -noout -text -in doc/credentials/x509/ca.pem | fgrep Not
>             Not Before: May 28 08:36:30 2011 GMT
>             Not After : Oct 12 08:36:33 2038 GMT
>
> The fix is easy:
>
> --- /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7~  2017-01-31 10:37:42.041736473 +0000
> +++ /tmp/buildd/gnutls28-3.5.8/tests/cert-tests/pkcs7   2017-01-31 10:39:00.490675092 +0000
> @@ -74,7 +74,7 @@
>  fi
>
>  # check validation with date after intermediate cert issuance
> -datefudge -s "2038-10-12" \
> +datefudge -s "2038-10-12 08:36:34 UTC" \
>  ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}"
>  rc=$?
> [...]
> ----- End forwarded message -----
>
> For simplicity's sake I'd simply go for datefudge -s "2038-10-13". ;-)
> I could not reproduce the build-error on amd64, but the Gnutls bug is
> obvious.

Thank you for the report. I've submitted to merge request to address that.

regards,
Nikos

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Loading...