gnutls-devel

Re: Timebombs in testsuite


From: Andreas Metzler
Subject: Re: Timebombs in testsuite
Date: Sun, 1 Nov 2009 13:34:36 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

On 2009-10-29 Simon Josefsson <address@hidden> wrote:
> Andreas Metzler <address@hidden> writes:
[cert expiry timebomb]
> ...
> > Can these be handled proactively before they actually break?

> Good point.  I'm thinking of using something like the patch below.
> Thoughts?

> /Simon

> diff --git a/tests/chainverify.c b/tests/chainverify.c
> index 19b27eb..13d4710 100644
> --- a/tests/chainverify.c
> +++ b/tests/chainverify.c
> @@ -32,6 +32,21 @@
>  #include <gnutls/gnutls.h>
>  #include <gnutls/x509.h>

> +/* GnuTLS internally calls time() to find out the current time when
> +   verifying certificates.  To avoid a time bomb, we hard code the
> +   current time.  This should work fine on systems where the library
> +   call to time is resolved at run-time.  */
> +time_t
> +time (time_t *t)
> +{
> +  time_t then = 1256803113;
> +
> +  if (t)
> +    *t = then;
> +
> +  return then;
> +}
> +
>  /* *INDENT-OFF* */

>  /* Triggers incorrect verification success on older versions */
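
Review bot: The replacement time() added at the top of tests/chainverify.c only takes effect where the library's call to time is resolved at run time, as its own comment says, and nothing in the hunk covers the other case. On a build where the symbol is bound earlier, the test silently uses the real clock again and the expiry time bomb returns. The comment should say so explicitly, so that a later failure on such a platform is diagnosed quickly. The constant 1256803113 should also get a short comment giving the calendar date it stands for (2009-10-29 UTC) and noting that it has to lie inside the validity period of every certificate in this test, so that anyone adding a chain later knows what constrains it.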

Works for me. Applied and uploaded to Debian.

thanks, cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



