[stunnel-users] Invalid certificate in tests, prevents make_test from running

Mon Apr 16 13:01:23 CEST 2018

Morning,

I posted earlier about `make_test` failing, apologies for not replying to that thread but I didn't receive the email myself.  I've tracked this down to `tests/certs/CACert.pem` containing an expired certificate - see below output:

openssl x509 -in tests/certs/CACert.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=pl, O=CA_cert, OU=CA_cert, CN=CA_cert/emailAddress=CA_cert at example.com
        Validity
            Not Before: Apr 26 18:41:00 2017 GMT
            Not After : Apr 13 15:45:00 2018 GMT
        Subject: C=pl, O=CA_cert, OU=CA_cert, CN=CA_cert/emailAddress=CA_cert at example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:af:cc:61:f5:73:2b:49:3c:62:c0:b0:d6:1b:0f:
                    5e:32:d1:49:48:01:b2:35:36:a8:04:a3:e0:7e:e4:
                    1d:f9:cb:fe:11:0a:c3:2e:b1:3e:87:4c:b0:72:d7:
                    73:04:ba:28:c7:2b:b4:67:13:0e:5d:05:7f:67:bd:
                    ba:7f:c5:89:b0:48:d6:21:4b:e8:3a:70:ac:dc:e4:
                    f5:43:c3:c9:57:7f:73:f1:3b:b0:e5:a5:90:44:9f:
                    6e:c3:2a:f5:ab:e6:15:f3:de:cd:44:23:5e:4f:c2:
                    eb:44:59:6c:f5:76:46:b0:7c:fc:59:df:20:97:0c:
                    0f:43:ae:df:47:f6:d2:78:fd:c6:be:11:cf:26:a1:
                    8d:87:74:2f:c9:b5:1b:2b:9d:a4:95:44:0c:54:de:
                    0c:12:d4:8d:14:57:31:a7:a8:70:11:68:6e:20:3d:
                    76:c9:c8:45:50:d5:4e:2f:f1:6e:78:25:23:05:45:
                    6e:7d:11:2a:b3:e8:88:6e:68:29:2c:a2:c2:3d:cf:
                    41:50:b5:e1:51:8f:8e:f4:36:0f:f5:a8:63:5e:29:
                    1d:b4:fe:71:43:d0:2a:be:2a:2c:b1:62:c6:b9:bc:
                    4d:95:80:4e:60:ec:e9:79:92:19:31:9c:b2:00:74:
                    3b:a1:80:57:b4:22:45:c8:d3:1a:a7:4f:f6:00:12:
                    35:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
         97:03:b2:c1:a2:44:8a:2a:9c:1d:3c:cb:61:a6:f9:bc:7f:4f:
         21:fc:69:d8:f3:31:7b:4b:e5:2b:34:42:19:03:1a:40:af:fa:
         7e:18:93:99:a8:78:cb:32:15:23:75:6e:49:6d:ac:ee:ca:5e:
         d6:d2:69:5a:b5:4a:13:cd:7c:77:e4:f2:6d:a0:2d:63:2f:62:
         b5:be:24:ee:12:d7:22:3e:dd:d2:56:07:81:ca:c4:cf:4c:2c:
         36:64:32:52:b1:76:76:5f:c7:45:86:b9:34:1a:c7:37:0c:38:
         ce:8b:20:8b:70:a1:33:a0:e1:3d:ed:9a:26:c0:04:e7:35:c5:
         41:ab:bd:f9:cc:10:8d:12:3f:7a:ee:b3:a3:98:35:09:b2:e5:
         5f:aa:22:16:7e:18:df:61:ac:3d:30:48:f7:77:41:5c:25:bd:
         6f:dc:53:d0:f3:d7:cc:33:f6:77:36:99:0b:e4:8f:3e:83:e4:
         ca:3a:58:6f:73:55:83:6e:a7:01:b2:21:bf:09:54:28:e3:e0:
         a5:4f:bd:d7:66:a2:f8:c2:81:6f:0d:aa:ba:6f:7d:a9:cf:6f:
         06:a8:a2:b1:5b:3b:f9:7b:89:bf:f5:c4:ed:f0:5e:cf:64:87:
         39:84:90:6c:c9:e0:5d:b4:54:ae:a7:6c:e7:b4:2a:29:fe:ab:
         62:4f:91:d0

As a (horrible) workaround I've had to skip "make_test" in my CI - if there are any better ideas please let me know!

Ian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180416/8ca37b8c/attachment.html>