Use openssl's -attime option instead of faketime/datefudge

Signed-off-by: Andreas Metzler <ametzler@bebt.de>

diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh
index 56eb8f203e0bd0137b613d753b1b34a9c0ae2aa6..16136e18692df107257fbcf3527787acad56a24e 100755 (executable)
--- a/tests/cert-reencoding.sh
+++ b/tests/cert-reencoding.sh
@@ -56,8 +56,6 @@ export TZ="UTC"
 
 . "${srcdir}/scripts/common.sh"
 
-skip_if_no_datefudge
-
 eval "${GETPORT}"
 # Port for gnutls-serv
 TLS_SERVER_PORT=$PORT
@@ -239,12 +237,13 @@ _EOF
 echo "=== Bringing TLS server up ==="
 
 TESTDATE="2018-03-01 00:00:00"
+EPOCHTESTDATE=1519862400
 
 # Start OpenSSL TLS server
 #
 launch_bare_server \
-         "$FAKETIME" "${TESTDATE}" \
-         "${OPENSSL}" s_server -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \
+         "${OPENSSL}" s_server -attime "${EPOCHTESTDATE}" \
+         -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \
          -CAfile ${CA_FILE} -port ${PORT} -Verify 1 -verify_return_error -www
 SERVER_PID="${!}"
 wait_server "${SERVER_PID}"

diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh
index 94d41ce245c5d3c968d02a9089354aec6d294a4f..bfa785e040b92bf2c550d4d12fb72f560b9fd2de 100755 (executable)
--- a/tests/ocsp-tests/ocsp-must-staple-connection.sh
+++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh
@@ -48,8 +48,6 @@ fi
 
 . "${srcdir}/scripts/common.sh"
 
-skip_if_no_datefudge
-
 eval "${GETPORT}"
 # Port for gnutls-serv
 TLS_SERVER_PORT=$PORT
@@ -71,6 +69,7 @@ fi
 
 CERTDATE="2016-04-28 00:00:00"
 TESTDATE="2016-04-29 00:00:00"
+EPOCHTESTDATE=1461888000
 EXP_OCSP_DATE="2016-03-27 00:00:00"
 
 OCSP_PID=""
@@ -130,8 +129,8 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE}
 # SO_REUSEADDR usage.
 PORT=${OCSP_PORT}
 launch_bare_server \
-         "$FAKETIME" "${TESTDATE}" \
-         "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \
+         "${OPENSSL}" ocsp -attime "${EPOCHTESTDATE}" \
+         -index "${INDEXFILE}" -text \
          -port "${OCSP_PORT}" \
          -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \
          -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \

diff --git a/tests/ocsp-tests/ocsp-test.sh b/tests/ocsp-tests/ocsp-test.sh
index 34274d9883f352317cedc0efe517dac61b2706d2..ac85a70b48848c91bd4451982fc61dbdaec1d8d5 100755 (executable)
--- a/tests/ocsp-tests/ocsp-test.sh
+++ b/tests/ocsp-tests/ocsp-test.sh
@@ -31,10 +31,6 @@ export TZ="UTC"
 
 . "${srcdir}/scripts/common.sh"
 
-# Note that in rare cases this test may fail because the
-# time set using faketime/datefudge could have changed since the generation
-# (if example the system was busy)
-
 "${OCSPTOOL}" --attime "2016-04-22" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der"
 rc=$?
 

diff --git a/tests/ocsp-tests/ocsp-tls-connection.sh b/tests/ocsp-tests/ocsp-tls-connection.sh
index 4ca20417e59bf2ee046a0022f96fa22730d30e4b..060f7516333c5bc404404156b2f26db649665e47 100755 (executable)
--- a/tests/ocsp-tests/ocsp-tls-connection.sh
+++ b/tests/ocsp-tests/ocsp-tls-connection.sh
@@ -53,8 +53,6 @@ export TZ="UTC"
 
 . "${srcdir}/scripts/common.sh"
 
-skip_if_no_datefudge
-
 eval "${GETPORT}"
 # Port for gnutls-serv
 TLS_SERVER_PORT=$PORT
@@ -76,6 +74,7 @@ fi
 
 CERTDATE="2016-04-28 00:00:00"
 TESTDATE="2016-04-29 00:00:00"
+EPOCHTESTDATE=1461888000
 
 OCSP_PID=""
 TLS_SERVER_PID=""
@@ -112,8 +111,8 @@ echo "=== Bringing OCSP server up ==="
 # SO_REUSEADDR usage.
 PORT=${OCSP_PORT}
 launch_bare_server \
-         "$FAKETIME" "${TESTDATE}" \
-         "${OPENSSL}" ocsp -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \
+         "${OPENSSL}" ocsp  -attime "${EPOCHTESTDATE}" \
+         -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \
          -port "${OCSP_PORT}" \
          -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \
          -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" \