guix-devel

Re: gnutls 'name-constraints' test failure


From: Ludovic Courtès
Subject: Re: gnutls 'name-constraints' test failure
Date: Sun, 17 Jul 2016 15:25:46 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Leo Famulari <address@hidden> wrote:

> On Sat, Jul 16, 2016 at 09:04:47PM +0200, nee wrote:
>> ./certtool: line 83: datefudge: command not found
>> 
>> You need datefudge to run this test
>> 
>> FAIL: name-constraints
>> ======================
>> 
>> Loaded 3 certificates, 1 CAs and 0 CRLs
>> 
>>      Subject: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key 
>> Infrastructure
>>      Issuer: C=US,O=Foo Bar Inc.,CN=Foo Bar Root CA,OU=Public Key 
>> Infrastructure
>>      Output: Not verified. The certificate is NOT trusted. The certificate 
>> issuer is unknown. 
>> 
>>      Subject: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key 
>> Infrastructure
>>      Issuer: C=US,O=Foo Bar Inc.,CN=Foo Bar Root CA,OU=Public Key 
>> Infrastructure
>>      Checked against: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key 
>> Infrastructure
>>      Output: Verified. The certificate is trusted. 
>> 
>>      Subject: C=US,O=Foo Bar Inc.,CN=bazz.foobar.com
>>      Issuer: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key 
>> Infrastructure
>>      Checked against: C=US,O=Foo Bar Inc.,CN=Foo Bar Sub CA 1,OU=Public Key 
>> Infrastructure
>>      Output: Not verified. The certificate is NOT trusted. The certificate 
>> chain uses expired certificate. 
>> 
>> Chain verification output: Not verified. The certificate is NOT trusted. The 
>> certificate chain uses expired certificate. 
>> 
>> name constraints test 1 failed
>
> The test certificates have expired.
>
> I think we need to apply this patch with a graft, from the gnutls_3_4_x
> branch:
> https://gitlab.com/gnutls/gnutls/commit/47f25d9e08d4e102572804a2aed186b01db23c65
>
> The effect is to skip the test, because we are missing the datefudge
> program [0].
>
> Or, we could package datefudge and add it to the gnutls recipe.

Interesting failure mode.

When Hydra is operational again, we can simply update GnuTLS, I think.

In the meantime grafting is a good idea.  Would you like to try that?

Thanks for the analysis!

Ludo’.


