From e82e421ba8b43a14807586b26ef2d2fd7f6fb311 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Mon, 14 Sep 2020 09:59:59 +0000 Subject: Use a fixed validation time in these tests so we never have to re-generate these certificates and this should just keep working even if the certs get old --- regress/lib/libcrypto/x509/bettertls/verify.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'regress/lib/libcrypto') diff --git a/regress/lib/libcrypto/x509/bettertls/verify.c b/regress/lib/libcrypto/x509/bettertls/verify.c index c23e8a2db98..efa531b6203 100644 --- a/regress/lib/libcrypto/x509/bettertls/verify.c +++ b/regress/lib/libcrypto/x509/bettertls/verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: verify.c,v 1.2 2020/07/15 03:44:42 beck Exp $ */ +/* $OpenBSD: verify.c,v 1.3 2020/09/14 09:59:58 beck Exp $ */ /* * Copyright (c) 2020 Joel Sing * Copyright (c) 2020 Bob Beck @@ -139,6 +139,7 @@ verify_cert(const char *roots_file, const char *bundle_file, unsigned long flags = X509_VERIFY_PARAM_get_flags(xsc->param); X509_VERIFY_PARAM_set_flags(xsc->param, flags); + X509_VERIFY_PARAM_set_time(xsc->param, 1600000000); X509_VERIFY_PARAM_set1_host(xsc->param,"localhost.local", strlen("localhost.local")); X509_STORE_CTX_set0_trusted_stack(xsc, roots); @@ -164,6 +165,7 @@ verify_cert(const char *roots_file, const char *bundle_file, unsigned long flagsip = X509_VERIFY_PARAM_get_flags(xscip->param); X509_VERIFY_PARAM_set_flags(xscip->param, flagsip); + X509_VERIFY_PARAM_set_time(xscip->param, 1600000000); X509_VERIFY_PARAM_set1_ip_asc(xscip->param,"127.0.0.1"); X509_STORE_CTX_set0_trusted_stack(xscip, roots); @@ -228,7 +230,7 @@ main(int argc, char **argv) } if (json) fprintf(stdout, "{\"testVersion\":1,\"date\":%lld,\"userAgent\"" - ":\"LibreSSL OpenBSD 6.7\\n\",\"results\":[", time(NULL)); + ":\"LibreSSL OpenBSD 6.8\\n\",\"results\":[", time(NULL)); bettertls_cert_test(argv[1]); -- cgit v1.2.3