Commit 2b0f6f3a authored by Daiki Ueno's avatar Daiki Ueno
Browse files

testpkcs11: use datefudge to trick certificate expiry

The certificates stored in tests/testpkcs11-certs expired on
2020-12-13.  To avoid verification failure due to that, use datefudge
to set custom date when calling gnutls-cli, gnutls-serv, and certtool.

Based on the patch by Andreas Metzler:
#1135 (comment 469682121)

Signed-off-by: Daiki Ueno's avatarDaiki Ueno <ueno@gnu.org>
parent c815f725
......@@ -67,6 +67,8 @@ have_ed25519=0
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
SERV="${SERV} -q"
TESTDATE=2020-12-01
. ${srcdir}/scripts/common.sh
rm -f "${LOGFILE}"
......@@ -79,6 +81,8 @@ exit_error () {
exit 1
}
skip_if_no_datefudge
# $1: token
# $2: PIN
# $3: filename
......@@ -523,6 +527,7 @@ write_certificate_test () {
pubkey="$5"
echo -n "* Generating client certificate... "
datefudge -s "$TESTDATE" \
"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
......@@ -900,7 +905,9 @@ use_certificate_test () {
echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
# start server
eval "${GETPORT}"
launch_server ${ADDITIONAL_PARAM} --echo --priority NORMAL --x509certfile="${certfile}" \
launch_bare_server datefudge -s "$TESTDATE" \
$VALGRIND $SERV $DEBUG -p "$PORT" \
${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
--x509keyfile="$keyfile" --x509cafile="${cafile}" \
--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
......@@ -908,13 +915,16 @@ use_certificate_test () {
wait_server ${PID}
# connect to server using SC
datefudge -s "$TESTDATE" \
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
fail ${PID} "Connection should have failed!"
datefudge -s "$TESTDATE" \
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
fail ${PID} "Connection (with files) should have succeeded!"
datefudge -s "$TESTDATE" \
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
--x509keyfile="${token};object=gnutls-client;object-type=private" \
--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment