From 53930cbe47529c4de9177538c98ffdb354b9854e Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Wed, 9 Oct 2024 11:16:08 +0200 Subject: [PATCH] gh-107562: make_ssl_certs.py: produce test certificates that expire far in the future by default (GH-107594) This allows testing Y2038 with system time set to after that, so that actual Y2038 issues can be exposed, and not masked by expired certificate errors. Signed-off-by: Alexander Kanavin --- Lib/test/certdata/make_ssl_certs.py | 4 ++-- Lib/test/test_ssl.py | 1 + .../next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst diff --git a/Lib/test/certdata/make_ssl_certs.py b/Lib/test/certdata/make_ssl_certs.py index 198c64035c5..18e61449638 100644 --- a/Lib/test/certdata/make_ssl_certs.py +++ b/Lib/test/certdata/make_ssl_certs.py @@ -9,8 +9,8 @@ import tempfile from subprocess import * startdate = "20180829142316Z" -enddate_default = "20371028142316Z" -days_default = "7000" +enddate_default = "25251028142316Z" +days_default = "140000" req_template = """ [ default ] diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 216aa84a8c1..b93fa0ed99f 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -383,6 +383,7 @@ class BasicSocketTests(unittest.TestCase): ssl.RAND_add(bytearray(b"this is a random bytearray object"), 75.0) def test_parse_cert(self): + self.maxDiff = None # note that this uses an 'unofficial' function in _ssl.c, # provided solely for this test, to exercise the certificate # parsing code diff --git a/Misc/NEWS.d/next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst b/Misc/NEWS.d/next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst new file mode 100644 index 00000000000..cc368d4bdff --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2023-08-03-17-26-55.gh-issue-107562.ZnbscS.rst @@ -0,0 +1,3 @@ +Test certificates have been updated to expire far in the future. This allows +testing Y2038 with system time set to after that, so that actual Y2038 +issues can be exposed, and not masked by expired certificate errors.