Issue #2539


unit tests for repoauth are failing on Fedora 25

Added by about 6 years ago. Updated almost 4 years ago.

Start date:
Due date:
Estimated time:
2. Medium
Platform Release:
Sprint Candidate:
Pulp 2
Sprint 14


m2crypto 0.25 raises an exception when dealing with dates after 2050. The certificates we use for repoauth and oid_validation expire in 2116. As a result platform has 5 failing unit tests on Fedora 25.

Actions #1

Updated by semyers about 6 years ago

So is the fix to regenerate certs that expire in 2049? I'm not familiar with these certs off the top of my head, where do they live?

Actions #2

Updated by about 6 years ago

Yes, the idea is to generate new certs and sign them with the valid_ca.crt. The certs live in two places:

Actions #3

Updated by semyers about 6 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to semyers
  • Sprint/Milestone set to 32
  • Version set to 2.12.0
  • Groomed changed from No to Yes
  • Sprint Candidate changed from No to Yes

With that, I'm happy to call this groomed, and I think I can take care of this.

Actions #4

Updated by bizhang about 6 years ago

  • Triaged changed from No to Yes
Actions #5

Updated by semyers about 6 years ago

I was able to regenerate most certs using basic openssl commands, which fixed repoauth, but oid_validation is still breaking. It looks like the contents of the various ssl keys/certs get embedded into the test file as strings, where the repoauth tests load them from the filesystem. Since the repoauth tests are working fine this way, and it's a lot easier to make copy/paste openssl commands to write files than it is to get it to put stuff into python files, I think I'm going to fix up the oid_validation test suite to load its keys and certs from the filesystem similar to how repoauth does it.

I've been keeping docs on how to do this, so when we have to re-discover how to create test CAs and certs (including entitlement certs), we can hopefully follow the guide here and not require an openssl expert to fix/update our test fixtures.

Actions #6

Updated by semyers about 6 years ago

  • Status changed from ASSIGNED to POST

Added by semyers about 6 years ago

Revision 43cebf96

Update testing certificates for oid_validation and repoauth

It looks worse than it is. m2crypto has started to reject any certificate with and expiration data past 2050, which was the case with our testing certificates here. Since I fully expect we'll want to bring the repoauth and oid validation features forward to Pulp 3, I thought it was worth scripting up the openssl-fu necessary to easily remake these certificates in the future.

I reorganized the test_oid_validation file significantly, but the only real functional change was conflating the ideas of "VALID_CA2" and "INVALID_CA". There was actually nothing invalid about INVALID_CA; the only thing invalid about it was that it wasn't VALID_CA. This was also true for VALID_CA2, so they got merged into "OTHER_CA", since (as far as I could tell) there was no test that wanted to use both INVALID_CA and VALID_CA2 at the same time. Most of the churn comes from loading these certs from the filesystem instead of embedding them as strings in the test module. The repoauth tests already worked this way, but don't have as many testing certs, so the regenerate script also does repoauth a solid and updates its certs while it's freshening everything up.

Finally, I renamed the contants to be a little more consistent within the test module, and removed constants aren't being used anywhere.

Actions #8

Updated by semyers about 6 years ago

  • Status changed from POST to MODIFIED

I forgot to "closes" this issue in my commit :(

This went MODIFIED with the merge of 43cebf96a6af938e5688329d74959e0ca268bdf4

Actions #9

Updated by semyers about 6 years ago

  • Platform Release set to 2.12.1
Actions #10

Updated by semyers almost 6 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
  • Platform Release changed from 2.12.1 to master
Actions #11

Updated by bmbouter almost 5 years ago

  • Sprint set to Sprint 16
Actions #12

Updated by bmbouter almost 5 years ago

  • Sprint changed from Sprint 16 to Sprint 14
Actions #13

Updated by bmbouter almost 5 years ago

  • Sprint/Milestone deleted (32)
Actions #14

Updated by bmbouter almost 4 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF