[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnutls 'name-constraints' test failure
From: |
Leo Famulari |
Subject: |
Re: gnutls 'name-constraints' test failure |
Date: |
Sun, 17 Jul 2016 03:32:06 -0400 |
User-agent: |
Mutt/1.6.0 (2016-04-01) |
On Sat, Jul 16, 2016 at 09:04:47PM +0200, nee wrote:
> ./certtool: line 83: datefudge: command not found
>
> You need datefudge to run this test
>
> FAIL: name-constraints
> ======================
>
> Loaded 3 certificates, 1 CAs and 0 CRLs
>
> Subject: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key
> Infrastructure
> Issuer: C=US,O=Foo Bar Inc.,CN=Foo Bar Root CA,OU=Public Key
> Infrastructure
> Output: Not verified. The certificate is NOT trusted. The certificate
> issuer is unknown.
>
> Subject: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key
> Infrastructure
> Issuer: C=US,O=Foo Bar Inc.,CN=Foo Bar Root CA,OU=Public Key
> Infrastructure
> Checked against: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key
> Infrastructure
> Output: Verified. The certificate is trusted.
>
> Subject: C=US,O=Foo Bar Inc.,CN=bazz.foobar.com
> Issuer: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key
> Infrastructure
> Checked against: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key
> Infrastructure
> Output: Not verified. The certificate is NOT trusted. The certificate
> chain uses expired certificate.
>
> Chain verification output: Not verified. The certificate is NOT trusted. The
> certificate chain uses expired certificate.
>
> name constraints test 1 failed
The test certificates have expired.
I think we need to apply this patch with a graft, from the gnutls_3_4_x
branch:
https://gitlab.com/gnutls/gnutls/commit/47f25d9e08d4e102572804a2aed186b01db23c65
The effect is to skip the test, because we are missing the datefudge
program [0].
Or, we could package datefudge and add it to the gnutls recipe.
Thanks to Jookia for the tip.
[0]
https://packages.debian.org/sid/datefudge
- gnutls 'name-constraints' test failure, nee, 2016/07/16
- Re: gnutls 'name-constraints' test failure,
Leo Famulari <=
- Re: gnutls 'name-constraints' test failure, Andreas Enge, 2016/07/17
- Re: gnutls 'name-constraints' test failure, Ludovic Courtès, 2016/07/17
- Re: gnutls 'name-constraints' test failure, Leo Famulari, 2016/07/17
- Re: gnutls 'name-constraints' test failure, Ludovic Courtès, 2016/07/18
- Re: gnutls 'name-constraints' test failure, Leo Famulari, 2016/07/18
- Re: gnutls 'name-constraints' test failure, Leo Famulari, 2016/07/18
- Re: gnutls 'name-constraints' test failure, Ludovic Courtès, 2016/07/19
- Re: gnutls 'name-constraints' test failure, Leo Famulari, 2016/07/19
- Re: gnutls 'name-constraints' test failure, Leo Famulari, 2016/07/20
- Re: gnutls 'name-constraints' test failure, Ludovic Courtès, 2016/07/20