Extend test cert to 2049-05-27
Extend test cert to 2049-05-27 instead of expiring in 2024-02-29
This update did not trigger y2038 bugs on 32-bit systems.
Without this patch, one test fails after 2024:
doit:124: rsa pss key: gnutls_x509_crt_verify_data2 |
FAIL x509sign-verify (exit status: 1)
Background: As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future. The usual offset is +15 years, because that is how long I expect some software will be used in some places. This showed up failing tests in our package build. See https://reproducible-builds.org/ for why this matters.
Checklist
-
Commits have Signed-off-by:
with name/author being identical to the commit author -
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated / NEWS entry present (for non-trivial changes) -
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code
Note: I used certtool -u to create the new cert, but am unsure why it is 2 lines shorter than the old one.
Edit: using a newer version of certtool with --sign-params=RSA-PSS --key-type rsa-pss --salt-size=32
helped.
Edited by Nikos Mavrogiannopoulos