From: Alexander Kanavin Date: Wed, 9 Oct 2024 09:16:08 +0000 (+0200) Subject: gh-107562: make_ssl_certs.py: produce test certificates that expire far in the future... X-Git-Tag: v3.14.0a1~125 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=53930cbe47529c4de9177538c98ffdb354b9854e;p=thirdparty%2FPython%2Fcpython.git gh-107562: make_ssl_certs.py: produce test certificates that expire far in the future by default (GH-107594) This allows testing Y2038 with system time set to after that, so that actual Y2038 issues can be exposed, and not masked by expired certificate errors. Signed-off-by: Alexander Kanavin --- diff --git a/Lib/test/certdata/make_ssl_certs.py b/Lib/test/certdata/make_ssl_certs.py index 198c64035c50..18e614496385 100644 --- a/Lib/test/certdata/make_ssl_certs.py +++ b/Lib/test/certdata/make_ssl_certs.py @@ -9,8 +9,8 @@ import tempfile from subprocess import * startdate = "20180829142316Z" -enddate_default = "20371028142316Z" -days_default = "7000" +enddate_default = "25251028142316Z" +days_default = "140000" req_template = """ [ default ] diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 216aa84a8c14..b93fa0ed99f8 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -383,6 +383,7 @@ class BasicSocketTests(unittest.TestCase): ssl.RAND_add(bytearray(b"this is a random bytearray object"), 75.0) def test_parse_cert(self): + self.maxDiff = None # note that this uses an 'unofficial' function in _ssl.c, # provided solely for this test, to exercise the certificate # parsing code diff --git a/Misc/NEWS.d/next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst b/Misc/NEWS.d/next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst new file mode 100644 index 000000000000..cc368d4bdffb --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst @@ -0,0 +1,3 @@ +Test certificates have been updated to expire far in the future. This allows +testing Y2038 with system time set to after that, so that actual Y2038 +issues can be exposed, and not masked by expired certificate errors.