diff options
author | Daiki Ueno <ueno@gnu.org> | 2023-04-05 07:28:54 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2023-04-05 07:28:54 +0000 |
commit | 4ba4366d454ddadb48123b20bfba5f744278958c (patch) | |
tree | b83124adc95a78528b8df26c1dd20cf32ff53c1c | |
parent | b9196b7b7bc5f65abe454a586ffdeabd826eb3d1 (diff) | |
parent | 013767dae0d2403d5788fcf9fa6095c46c7733cf (diff) | |
download | gnutls-4ba4366d454ddadb48123b20bfba5f744278958c.tar.gz |
Merge branch 'tmp-ametzler-faketime' into 'master'
Use faketime instead of datefudge
See merge request gnutls/gnutls!1716
59 files changed, 255 insertions, 228 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ff7a747fc2..37ee2e5e3f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -44,7 +44,7 @@ For testing functionality of gnutls we use two test unit testing frameworks: Certificates for testing purposes are available at [cert-common.h](tests/cert-common.h). Note that we do not regenerate test certificates when they expire, but -we rather fix the test's time using datefudge or gnutls_global_set_time_function(). +we rather fix the test's time using faketime/datefudge or gnutls_global_set_time_function(). For example, see [x509cert-tl.c](tests/x509cert-tl.c). @@ -85,7 +85,8 @@ and mbedtls. * [Valgrind](https://valgrind.org/) (optional) * [Libasan](https://gcc.gnu.org//) (optional) -* [datefudge](https://packages.debian.org/datefudge) (optional) +* [faketime](https://github.com/wolfcw/libfaketime) (preferred) or + [datefudge](https://packages.debian.org/datefudge) (optional) * [nodejs](https://nodejs.org/) (needed for certain test cases) * [softhsm](https://www.opendnssec.org/softhsm/) (for testing smart card support) * [dieharder](https://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG) @@ -95,7 +96,7 @@ and mbedtls. Debian/Ubuntu: ``` -apt-get install -y valgrind nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect libev-dev +apt-get install -y valgrind nodejs softhsm2 faketime lcov libssl-dev libcmocka-dev expect libev-dev apt-get install -y dieharder openssl abigail-tools socat net-tools ppp util-linux ``` @@ -107,7 +108,7 @@ apt-get install -y v libubsan0 libasan1 Fedora/RHEL: ``` -yum install -y valgrind libasan libasan-static libubsan nodejs softhsm datefudge lcov openssl-devel expect libev-devel +yum install -y valgrind libasan libasan-static libubsan nodejs softhsm faketime lcov openssl-devel expect libev-devel yum install -y dieharder mbedtls-utils openssl libabigail libcmocka-devel socat util-linux ``` diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh index d8e8eabbc4..804fe5652a 100755 --- a/tests/cert-reencoding.sh +++ b/tests/cert-reencoding.sh @@ -238,18 +238,18 @@ _EOF echo "=== Bringing TLS server up ===" -TESTDATE="2018-03-01" +TESTDATE="2018-03-01 00:00:00" # Start OpenSSL TLS server # launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${OPENSSL}" s_server -cert ${SERVER_CERT_FILE} -key ${SERVER_KEY_FILE} \ -CAfile ${CA_FILE} -port ${PORT} -Verify 1 -verify_return_error -www SERVER_PID="${!}" wait_server "${SERVER_PID}" -datefudge -s "${TESTDATE}" \ +gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --x509certfile ${CLIENT_CERT_FILE} \ --x509keyfile ${CLIENT_KEY_FILE} --x509cafile=${CA_FILE} \ --port="${PORT}" localhost </dev/null diff --git a/tests/cert-tests/alt-chain.sh b/tests/cert-tests/alt-chain.sh index b7490b8f63..177570e581 100755 --- a/tests/cert-tests/alt-chain.sh +++ b/tests/cert-tests/alt-chain.sh @@ -41,7 +41,7 @@ OLD_CA_FILE="${srcdir}/data/alt-chain-old-ca.pem" NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem" echo "" -datefudge -s "2017-5-10" \ +gnutls_timewrapper_standalone static "2017-05-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${OLD_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE} rc=$? @@ -52,7 +52,7 @@ if test "${rc}" != "1"; then fi echo "" -datefudge -s "2017-5-10" \ +gnutls_timewrapper_standalone static "2017-05-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${NEW_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE} rc=$? diff --git a/tests/cert-tests/cert-critical.sh b/tests/cert-tests/cert-critical.sh index 5564146a2c..d65a8e9ee2 100755 --- a/tests/cert-tests/cert-critical.sh +++ b/tests/cert-tests/cert-critical.sh @@ -37,7 +37,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge "2017-2-28" \ +gnutls_timewrapper_standalone "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-root.pem rc=$? @@ -46,7 +46,7 @@ if test "${rc}" != "1"; then exit 1 fi -datefudge "2017-2-28" \ +gnutls_timewrapper_standalone "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-endcert.pem rc=$? @@ -55,7 +55,7 @@ if test "${rc}" != "1"; then exit 1 fi -datefudge "2017-2-28" \ +gnutls_timewrapper_standalone "2017-2-28" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-with-critical-on-intermediate.pem rc=$? diff --git a/tests/cert-tests/cert-non-digits-time.sh b/tests/cert-tests/cert-non-digits-time.sh index 16d5448972..930cedd09a 100755 --- a/tests/cert-tests/cert-non-digits-time.sh +++ b/tests/cert-tests/cert-non-digits-time.sh @@ -34,7 +34,7 @@ fi skip_if_no_datefudge # Check whether certificates with non-digits time fields are accepted -datefudge -s "2019-12-19" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND}"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-with-non-digits-time-ca.pem" --infile "${srcdir}/data/cert-with-non-digits-time.pem" rc=$? diff --git a/tests/cert-tests/certtool-eddsa.sh b/tests/cert-tests/certtool-eddsa.sh index ea5cc7f5db..be0c8e5d8d 100755 --- a/tests/cert-tests/certtool-eddsa.sh +++ b/tests/cert-tests/certtool-eddsa.sh @@ -126,7 +126,7 @@ rm -f "${KEYFILE}" skip_if_no_datefudge # Test certificate chain using Ed25519 -datefudge "2017-7-6" \ +gnutls_timewrapper_standalone "2017-7-6" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --infile ${srcdir}/data/chain-eddsa.pem if test $? != 0; then diff --git a/tests/cert-tests/certtool-rsa-pss.sh b/tests/cert-tests/certtool-rsa-pss.sh index 1a1aa4e65b..8dccc4e257 100755 --- a/tests/cert-tests/certtool-rsa-pss.sh +++ b/tests/cert-tests/certtool-rsa-pss.sh @@ -211,7 +211,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge "2012-11-22" \ +gnutls_timewrapper_standalone "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-rsa-pss.pem" --infile "${srcdir}/data/cert-rsa-pss.pem" rc=$? diff --git a/tests/cert-tests/certtool-verify-profiles.sh b/tests/cert-tests/certtool-verify-profiles.sh index f4c23e6431..862b4459c4 100755 --- a/tests/cert-tests/certtool-verify-profiles.sh +++ b/tests/cert-tests/certtool-verify-profiles.sh @@ -38,7 +38,7 @@ OUTFILE=out-pkcs7.$$.tmp skip_if_no_datefudge echo "Checking chain with insecure leaf" -datefudge -s "2019-12-19" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-leaf.pem" >${OUTFILE} rc=$? @@ -49,7 +49,7 @@ if test "${rc}" != "1"; then fi echo "Checking chain with insecure subca" -datefudge -s "2019-12-19" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-subca.pem" >${OUTFILE} rc=$? @@ -61,7 +61,7 @@ fi echo "Checking chain with insecure ca" -datefudge -s "2019-12-19" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-ca.pem" >${OUTFILE} rc=$? diff --git a/tests/cert-tests/certtool.sh b/tests/cert-tests/certtool.sh index 11b8b8f636..3ec820fad7 100755 --- a/tests/cert-tests/certtool.sh +++ b/tests/cert-tests/certtool.sh @@ -173,7 +173,7 @@ export TZ="UTC" skip_if_no_datefudge -cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|datefudge "2012-11-22" \ +cat "${srcdir}/../certs/cert-ecc256.pem" "${srcdir}/../certs/ca-cert-ecc.pem"|gnutls_timewrapper_standalone "2012-11-22" \ ${VALGRIND} "${CERTTOOL}" --verify-chain rc=$? diff --git a/tests/cert-tests/crl.sh b/tests/cert-tests/crl.sh index 6a02a429d1..d097017473 100755 --- a/tests/cert-tests/crl.sh +++ b/tests/cert-tests/crl.sh @@ -172,7 +172,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2020-01-20 10:00:00" ${VALGRIND} \ +gnutls_timewrapper_standalone static "2020-01-20 10:00:00" ${VALGRIND} \ "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ --load-ca-certificate "${srcdir}/data/template-test.pem" \ --load-certificate "${srcdir}/data/ca-certs.pem" --template \ @@ -194,7 +194,7 @@ fi if test "${ac_cv_sizeof_time_t}" = 8;then # we should test that on systems which have 64-bit time_t - datefudge -s "2138-01-20 10:00:00" ${VALGRIND} \ + gnutls_timewrapper_standalone static "2138-01-20 10:00:00" ${VALGRIND} \ "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ --load-ca-certificate "${srcdir}/data/template-test.pem" \ --load-certificate "${srcdir}/data/ca-certs.pem" --template \ diff --git a/tests/cert-tests/crq.sh b/tests/cert-tests/crq.sh index 21044cfa3f..d555fdb289 100755 --- a/tests/cert-tests/crq.sh +++ b/tests/cert-tests/crq.sh @@ -59,7 +59,7 @@ fi rm -f "${OUTFILE}" # check whether the honor_crq_extension option works -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-tlsfeature.tmpl" \ @@ -78,7 +78,7 @@ if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=] exit 1 fi -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/data/template-test.key" \ --load-ca-certificate "${srcdir}/data/template-tlsfeature.pem" \ @@ -130,8 +130,8 @@ N N __EOF__ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ setsid \ -datefudge -s "2007-04-22" \ "${CERTTOOL}" -q \ --load-privkey "${srcdir}/data/template-test.key" \ --outfile "${OUTFILE}" <$TMPFILE 2>/dev/null @@ -147,7 +147,7 @@ if test "${rc}" != "0"; then fi # check whether the generation with extension works -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/arb-extensions.tmpl" \ @@ -168,7 +168,7 @@ if test "${rc}" != "0"; then fi # Generate certificate from CRQ with no explicit extensions -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ @@ -191,7 +191,7 @@ if test "${rc}" != "0"; then fi # Generate certificate from CRQ with CRQ extensions -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ @@ -214,7 +214,7 @@ if test "${rc}" != "0"; then fi # Generate certificate from CRQ with explicit extensions -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ diff --git a/tests/cert-tests/inhibit-anypolicy.sh b/tests/cert-tests/inhibit-anypolicy.sh index 7623f7c0ac..398350da03 100755 --- a/tests/cert-tests/inhibit-anypolicy.sh +++ b/tests/cert-tests/inhibit-anypolicy.sh @@ -37,7 +37,7 @@ SUBCAFILE=inhibit-subca.$$.tmp skip_if_no_datefudge -datefudge -s "2017-04-22" \ +gnutls_timewrapper_standalone static "2017-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/key-ca.pem" \ --template "${srcdir}/templates/inhibit-anypolicy.tmpl" \ @@ -56,7 +56,7 @@ fi echo ca > $TEMPLFILE echo "cn = sub-CA" >> $TEMPLFILE -datefudge -s "2017-04-23" \ +gnutls_timewrapper_standalone static "2017-04-23 00:00:00" \ "${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ --load-ca-privkey "${srcdir}/data/key-ca.pem" \ --load-ca-certificate $CAFILE \ @@ -71,7 +71,7 @@ fi cat $SUBCAFILE $CAFILE > ${TMPFILE} # we do not support the inhibit any policy extension for verification -datefudge -s "2017-04-25" "${CERTTOOL}" --verify-chain --infile ${TMPFILE} +gnutls_timewrapper_standalone static "2017-04-25 00:00:00" "${CERTTOOL}" --verify-chain --infile ${TMPFILE} rc=$? if test "$rc" != "0"; then echo "Verification failed unexpectedly ($rc)" diff --git a/tests/cert-tests/invalid-sig.sh b/tests/cert-tests/invalid-sig.sh index f621614062..663cf5b737 100755 --- a/tests/cert-tests/invalid-sig.sh +++ b/tests/cert-tests/invalid-sig.sh @@ -84,19 +84,16 @@ if test $rc = 0; then exit 1 fi -if check_for_datefudge; then - #this was causing a double free; verify that we receive the expected error code - datefudge -s 2020-01-01 \ - ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" - rc=$? - - # We're done. - if test $rc != 1; then - echo "Verification of invalid signature (6) failed" - exit 1 - fi -else - echo "Verification of invalid signature (6) skipped" +skip_if_no_datefudge +#this was causing a double free; verify that we receive the expected error code +gnutls_timewrapper_standalone static "2020-01-01 00:00:00" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" +rc=$? + +# We're done. +if test $rc != 1; then + echo "Verification of invalid signature (6) failed" + exit 1 fi exit 0 diff --git a/tests/cert-tests/krb5-test.sh b/tests/cert-tests/krb5-test.sh index a4787f6695..401b910d83 100755 --- a/tests/cert-tests/krb5-test.sh +++ b/tests/cert-tests/krb5-test.sh @@ -41,10 +41,10 @@ if ! test -z "${VALGRIND}"; then fi # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-krb5name.tmpl" \ @@ -70,7 +70,7 @@ fi cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE} echo "krb5_principal = 'xxxxxxxxxxxxxx'" >>${TMPLFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template ${TMPLFILE} \ @@ -87,7 +87,7 @@ fi cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE} echo "krb5_principal = 'comp1/comp2/comp3/comp4/comp5/comp6/comp7/comp8/comp9/comp10@REALM.COM'" >>${TMPLFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template ${TMPLFILE} \ diff --git a/tests/cert-tests/md5-test.sh b/tests/cert-tests/md5-test.sh index 4cea9e8e4c..c6f955a737 100755 --- a/tests/cert-tests/md5-test.sh +++ b/tests/cert-tests/md5-test.sh @@ -37,7 +37,7 @@ skip_if_no_datefudge # Test MD5 signatures -datefudge -s "2016-04-15" \ +gnutls_timewrapper_standalone static "2016-04-15 00:00:00" \ "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1 rc=$? if test "${rc}" != "1"; then @@ -45,7 +45,7 @@ if test "${rc}" != "1"; then exit ${rc} fi -datefudge -s "2016-04-15" \ +gnutls_timewrapper_standalone static "2016-04-15 00:00:00" \ "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then diff --git a/tests/cert-tests/name-constraints.sh b/tests/cert-tests/name-constraints.sh index aa411d7f6d..8cf002ecf4 100755 --- a/tests/cert-tests/name-constraints.sh +++ b/tests/cert-tests/name-constraints.sh @@ -37,7 +37,7 @@ TMPFILE=constraints.$$.pem.tmp skip_if_no_datefudge -datefudge -s "2016-04-22" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken -e --infile "${srcdir}/data/name-constraints-ip.pem" rc=$? diff --git a/tests/cert-tests/othername-test.sh b/tests/cert-tests/othername-test.sh index 6d1b697dc3..e8780e77ef 100755 --- a/tests/cert-tests/othername-test.sh +++ b/tests/cert-tests/othername-test.sh @@ -35,10 +35,10 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-othername.tmpl" \ @@ -53,7 +53,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-othername-xmpp.tmpl" \ diff --git a/tests/cert-tests/pkcs1-pad.sh b/tests/cert-tests/pkcs1-pad.sh index 03db104b8d..f7df8eaaef 100755 --- a/tests/cert-tests/pkcs1-pad.sh +++ b/tests/cert-tests/pkcs1-pad.sh @@ -42,8 +42,8 @@ TMPFILE2=pkcs1-pad-2.$$.tmp EXPECT1=2002 -datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1 -datefudge "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok.pem" | tee $TMPFILE1 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken.pem" | tee $TMPFILE2 >/dev/null 2>&1 out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` @@ -65,8 +65,8 @@ echo "PKCS1-PAD1 OK" EXPECT2=2002 -datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1 -datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-ok2.pem" | tee $TMPFILE1 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken2.pem" | tee $TMPFILE2 >/dev/null 2>&1 out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` out2oks=`grep 'Verified.' $TMPFILE2 | wc -l | tr -d " "` @@ -88,7 +88,7 @@ echo "PKCS1-PAD2 OK" # by Andrei Pyshkin, Erik Tews and Ralf-Philipp Weinmann. -datefudge "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1 +gnutls_timewrapper_standalone "2006-09-23" "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/pkcs1-pad-broken3.pem" | tee $TMPFILE1 >/dev/null 2>&1 out1oks=`grep 'Verified.' $TMPFILE1 | wc -l | tr -d " "` out1fails=`grep 'Not verified.' $TMPFILE1 | wc -l | tr -d " "` diff --git a/tests/cert-tests/pkcs7-cat.sh b/tests/cert-tests/pkcs7-cat.sh index 8a8681d09f..50f3bc5e73 100755 --- a/tests/cert-tests/pkcs7-cat.sh +++ b/tests/cert-tests/pkcs7-cat.sh @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh skip_if_no_datefudge -datefudge -s "2016-10-1" \ +gnutls_timewrapper_standalone static "2016-10-01 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --p7-verify --inder --infile "${srcdir}/data/pkcs7-cat.p7" --load-ca-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? diff --git a/tests/cert-tests/pkcs7-constraints.sh b/tests/cert-tests/pkcs7-constraints.sh index e0606d7082..7587c3a946 100755 --- a/tests/cert-tests/pkcs7-constraints.sh +++ b/tests/cert-tests/pkcs7-constraints.sh @@ -51,7 +51,7 @@ fi FILE="signing-verify-no-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-1-10" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -63,7 +63,7 @@ fi FILE="signing-verify-valid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-1-10" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -75,7 +75,7 @@ fi FILE="signing-verify-invalid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-1-10" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -87,7 +87,7 @@ fi FILE="signing-verify-invalid-date-1" echo "" echo "test: $FILE" -datefudge -s "2011-1-10" \ +gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -99,7 +99,7 @@ fi FILE="signing-verify-invalid-date-2" echo "" echo "test: $FILE" -datefudge -s "2018-1-10" \ +gnutls_timewrapper_standalone static "2018-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/pkcs7-constraints2.sh b/tests/cert-tests/pkcs7-constraints2.sh index 7fa333a153..609bcb7786 100755 --- a/tests/cert-tests/pkcs7-constraints2.sh +++ b/tests/cert-tests/pkcs7-constraints2.sh @@ -51,7 +51,7 @@ fi FILE="signing-verify-no-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-1-10" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -63,7 +63,7 @@ fi FILE="signing-verify-valid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-1-10" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -75,7 +75,7 @@ fi FILE="signing-verify-invalid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-1-10" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -87,7 +87,7 @@ fi FILE="signing-verify-invalid-date-1" echo "" echo "test: $FILE" -datefudge -s "2011-1-10" \ +gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -99,7 +99,7 @@ fi FILE="signing-verify-invalid-date-2" echo "" echo "test: $FILE" -datefudge -s "2018-1-10" \ +gnutls_timewrapper_standalone static "2018-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/pkcs7.sh b/tests/cert-tests/pkcs7.sh index 6122a31859..e1bf874552 100755 --- a/tests/cert-tests/pkcs7.sh +++ b/tests/cert-tests/pkcs7.sh @@ -80,7 +80,7 @@ fi for FILE in full.p7b openssl.p7b openssl-keyid.p7b; do # check validation with date prior to CA issuance -datefudge -s "2011-1-10" \ +gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? @@ -90,7 +90,7 @@ if test "${rc}" = "0"; then fi # check validation with date prior to intermediate cert issuance -datefudge -s "2011-5-28 08:38:00 UTC" \ +env TZ=UTC gnutls_timewrapper_standalone static "2011-05-28 08:38:00" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? @@ -100,7 +100,7 @@ if test "${rc}" = "0"; then fi # check validation with date after intermediate cert issuance -datefudge -s "2038-10-13" \ +gnutls_timewrapper_standalone static "2038-10-13 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/rsa-pss-pad.sh b/tests/cert-tests/rsa-pss-pad.sh index 4a1928c664..298de392a3 100755 --- a/tests/cert-tests/rsa-pss-pad.sh +++ b/tests/cert-tests/rsa-pss-pad.sh @@ -35,13 +35,13 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) # Test PSS signatures on certificate for i in sha256 sha384 sha512;do -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed --key-type rsa-pss \ --load-privkey "${srcdir}/data/privkey1.pem" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -59,7 +59,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-25" \ +gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \ "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then diff --git a/tests/cert-tests/sha3-test.sh b/tests/cert-tests/sha3-test.sh index a3c015555d..6fd4b0307c 100755 --- a/tests/cert-tests/sha3-test.sh +++ b/tests/cert-tests/sha3-test.sh @@ -35,13 +35,13 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) # Test SHA3 signatures for i in sha3-224 sha3-256 sha3-384 sha3-512;do -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -59,7 +59,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-25" \ +gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \ "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then @@ -71,7 +71,7 @@ done # Test SHA3 signatures with ECDSA for i in sha3-224 sha3-256 sha3-384 sha3-512;do -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test-ecc.key" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -83,7 +83,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-25" \ +gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \ "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then diff --git a/tests/cert-tests/smime.sh b/tests/cert-tests/smime.sh index b4fde1351a..5e3ab17c50 100755 --- a/tests/cert-tests/smime.sh +++ b/tests/cert-tests/smime.sh @@ -46,7 +46,7 @@ if test "${rc}" != "0"; then fi -datefudge -s "2017-4-6" \ +gnutls_timewrapper_standalone static "2017-04-06 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/template-exts-test.sh b/tests/cert-tests/template-exts-test.sh index da4ccb0622..c3f99253a2 100755 --- a/tests/cert-tests/template-exts-test.sh +++ b/tests/cert-tests/template-exts-test.sh @@ -34,7 +34,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/arb-extensions.tmpl" \ @@ -52,7 +52,7 @@ fi rm -f "$OUTFILE" # Test adding critical extensions only -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/crit-extensions.tmpl" \ @@ -69,7 +69,7 @@ fi rm -f "$OUTFILE" -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/arb-extensions.tmpl" \ diff --git a/tests/cert-tests/template-policy-test.sh b/tests/cert-tests/template-policy-test.sh index c82be96957..e0eda056c7 100755 --- a/tests/cert-tests/template-policy-test.sh +++ b/tests/cert-tests/template-policy-test.sh @@ -34,7 +34,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/simple-policy.tmpl" \ diff --git a/tests/cert-tests/template-test.sh b/tests/cert-tests/template-test.sh index 0233211287..1dda7aefd7 100755 --- a/tests/cert-tests/template-test.sh +++ b/tests/cert-tests/template-test.sh @@ -38,10 +38,10 @@ skip_if_no_datefudge echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t" # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -58,7 +58,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-utf8.tmpl" \ @@ -75,7 +75,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-dn.tmpl" \ @@ -94,7 +94,7 @@ rm -f ${TMPFILE} echo "Running test for certificate generation with --generate-self-signed" -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-privkey "${srcdir}/data/template-test.key" \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ @@ -113,7 +113,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-dn-err.tmpl" \ @@ -127,7 +127,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-overflow.tmpl" \ @@ -146,7 +146,7 @@ rm -f ${TMPFILE} # The following test works in 64-bit systems -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-overflow2.tmpl" \ @@ -176,7 +176,7 @@ else fi rm -f ${TMPFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-date.tmpl" \ @@ -193,7 +193,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-dates-after2038.tmpl" \ @@ -223,7 +223,7 @@ rm -f ${TMPFILE} # Test name constraints generation -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-nc.tmpl" \ @@ -244,7 +244,7 @@ rm -f ${TMPFILE} # Test the GeneralizedTime support if test "${ac_cv_sizeof_time_t}" = 8;then # we should test that on systems which have 64-bit time_t. - datefudge -s "2051-04-22" \ + gnutls_timewrapper_standalone static "2051-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-generalized.tmpl" \ @@ -264,7 +264,7 @@ rm -f ${TMPFILE} # Test unique ID field generation -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-unique.tmpl" \ @@ -283,7 +283,7 @@ rm -f ${TMPFILE} # Test generation with very long dns names -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-long-dns.tmpl" \ @@ -302,7 +302,7 @@ rm -f ${TMPFILE} # Test generation with larger serial number -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-long-serial.tmpl" \ diff --git a/tests/cert-tests/tlsfeature-test.sh b/tests/cert-tests/tlsfeature-test.sh index 203563f819..109a9de462 100755 --- a/tests/cert-tests/tlsfeature-test.sh +++ b/tests/cert-tests/tlsfeature-test.sh @@ -38,7 +38,7 @@ skip_if_no_datefudge # # Test certificate generation # -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-tlsfeature.tmpl" \ @@ -97,7 +97,7 @@ fi # Test certificate request generation # -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-tlsfeature.tmpl" \ @@ -158,7 +158,7 @@ fi # # Test certificate generation after a request # -datefudge -s "2007-04-22" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-privkey "${srcdir}/data/template-test.key" \ --load-ca-privkey "${srcdir}/data/template-test.key" \ diff --git a/tests/certtool-pkcs11.sh b/tests/certtool-pkcs11.sh index 26d6963810..ccb244666b 100755 --- a/tests/certtool-pkcs11.sh +++ b/tests/certtool-pkcs11.sh @@ -115,7 +115,7 @@ verify_certificate_test() { file=$2 echo -n "* Verifying a certificate... " - datefudge -s "2015-10-10" \ + gnutls_timewrapper_standalone static "2015-10-10 00:00:00" \ $CERTTOOL ${ADDITIONAL_PARAM} --verify --load-ca-certificate "$url" --infile "$file" >>"${TMPFILE}" 2>&1 if test $? = 0; then echo ok diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh index 3c3e2214e5..d4b7700857 100755 --- a/tests/gnutls-cli-debug.sh +++ b/tests/gnutls-cli-debug.sh @@ -71,7 +71,7 @@ launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.1" --x PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -118,7 +118,7 @@ launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -160,7 +160,7 @@ launch_server --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:-RSA PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -186,7 +186,7 @@ tls-disabled-cipher = CAMELLIA-256-CBC _EOF_ GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" \ -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} @@ -209,7 +209,7 @@ if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then PID=$! wait_server ${PID} - timeout 1800 datefudge "2017-08-9" \ + gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" kill ${PID} diff --git a/tests/gnutls-cli-invalid-crl.sh b/tests/gnutls-cli-invalid-crl.sh index 32e72630f7..5d42148139 100755 --- a/tests/gnutls-cli-invalid-crl.sh +++ b/tests/gnutls-cli-invalid-crl.sh @@ -168,7 +168,7 @@ launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} PID=$! wait_server ${PID} -datefudge "2018-9-19" \ +gnutls_timewrapper_standalone "2018-9-19" \ ${VALGRIND} "${CLI}" -p "${PORT}" localhost --x509crlfile ${CRLFILE} --x509cafile ${CAFILE} >${TMPFILE} 2>&1 </dev/null && \ fail ${PID} "1. handshake should have failed!" diff --git a/tests/gnutls-cli-self-signed.sh b/tests/gnutls-cli-self-signed.sh index 8fd7ea9e47..30ba64e25e 100755 --- a/tests/gnutls-cli-self-signed.sh +++ b/tests/gnutls-cli-self-signed.sh @@ -123,7 +123,7 @@ launch_server --echo --x509keyfile ${TMPFILE} --x509certfile ${TMPFILE} PID=$! wait_server ${PID} -datefudge "2018-1-1" \ +gnutls_timewrapper_standalone "2018-1-1" \ ${VALGRIND} "${CLI}" -p "${PORT}" localhost >${TMPFILE} 2>&1 </dev/null && \ fail ${PID} "1. handshake should have failed!" diff --git a/tests/ocsp-tests/ocsp-load-chain.sh b/tests/ocsp-tests/ocsp-load-chain.sh index 33cc020fcb..96c26085a6 100755 --- a/tests/ocsp-tests/ocsp-load-chain.sh +++ b/tests/ocsp-tests/ocsp-load-chain.sh @@ -33,7 +33,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2017-06-19" \ +gnutls_timewrapper_standalone static "2017-06-19 00:00:00" \ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken rc=$? @@ -43,7 +43,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2017-06-19" \ +gnutls_timewrapper_standalone static "2017-06-19 00:00:00" \ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken rc=$? @@ -54,7 +54,7 @@ if test "${rc}" != "0"; then fi # verify an OCSP response using ECDSA -datefudge -s "2017-06-29" \ +gnutls_timewrapper_standalone static "2017-06-29 00:00:00" \ "${OCSPTOOL}" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der" rc=$? diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh index 880e50bbe5..29c1158785 100755 --- a/tests/ocsp-tests/ocsp-must-staple-connection.sh +++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh @@ -74,9 +74,9 @@ if ! ("$OPENSSL" version) > /dev/null 2>&1; then exit 77 fi -CERTDATE="2016-04-28" -TESTDATE="2016-04-29" -EXP_OCSP_DATE="2016-03-27" +CERTDATE="2016-04-28 00:00:00" +TESTDATE="2016-04-29 00:00:00" +EXP_OCSP_DATE="2016-03-27 00:00:00" OCSP_PID="" TLS_SERVER_PID="" @@ -100,7 +100,7 @@ chmod u+w "$TEMPLATE_FILE" echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" # Generate certificates with the random port -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ @@ -109,7 +109,7 @@ datefudge -s "${CERTDATE}" ${CERTTOOL} \ # Generate certificates with the random port (with mandatory stapling extension) echo "tls_feature = 5" >>"$TEMPLATE_FILE" -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ @@ -129,7 +129,7 @@ cp "${srcdir}/ocsp-tests/certs/ocsp_index.txt.attr" ${ATTRFILE} # SO_REUSEADDR usage. PORT=${OCSP_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${OPENSSL}" ocsp -index "${INDEXFILE}" -text \ -port "${OCSP_PORT}" \ -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ @@ -145,7 +145,7 @@ echo "=== Verifying OCSP server is up ===" t=0 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do # Run a test request to make sure the server works - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ ${VALGRIND} "${OCSPTOOL}" --ask \ --load-cert "${SERVER_CERT_FILE}" \ --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" \ @@ -170,7 +170,7 @@ echo "=== Test 1: Server with valid certificate - no staple ===" PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -181,7 +181,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -202,7 +202,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -214,7 +214,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -237,7 +237,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -249,7 +249,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -273,7 +273,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -285,7 +285,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -307,7 +307,7 @@ rm -f "${OCSP_RESPONSE_FILE}" # Generate an OCSP response which expires in 2 days and use it after # a month. gnutls server doesn't send such a staple to clients. ${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" -datefudge -s ${EXP_OCSP_DATE} \ +gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \ ${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2 eval "${GETPORT}" @@ -331,7 +331,7 @@ fi echo "=== Test 5.1: Server with valid certificate - expired staple (ignoring errors) ===" launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -344,7 +344,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -367,7 +367,7 @@ echo "=== Test 6: Server with valid certificate - old staple ===" rm -f "${OCSP_RESPONSE_FILE}" ${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" -datefudge -s ${EXP_OCSP_DATE} \ +gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \ ${OPENSSL} ocsp -index ${INDEXFILE} -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" eval "${GETPORT}" @@ -375,7 +375,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -387,7 +387,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -410,7 +410,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -422,7 +422,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --priority "NORMAL:%NO_EXTENSIONS" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -445,7 +445,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_NO_EXT_FILE}" \ @@ -457,7 +457,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -478,7 +478,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -490,7 +490,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? diff --git a/tests/ocsp-tests/ocsp-signer-verify.sh b/tests/ocsp-tests/ocsp-signer-verify.sh index ce815ceadb..4d58f87469 100755 --- a/tests/ocsp-tests/ocsp-signer-verify.sh +++ b/tests/ocsp-tests/ocsp-signer-verify.sh @@ -31,14 +31,14 @@ export TZ="UTC" skip_if_no_datefudge -date="2021-07-14 00:00" +date="2021-07-14 00:00:00" sample_dir="${srcdir}/ocsp-tests/signer-verify" trusted="${sample_dir}/trust.pem" verify_response () { echo "verifying ${sample_dir}/${1} using ${trusted}" - datefudge --static "${date}" \ + gnutls_timewrapper_standalone static "${date}" \ "${OCSPTOOL}" --infile="${sample_dir}/${1}" \ --verify-response --load-trust="${trusted}" return $? diff --git a/tests/ocsp-tests/ocsp-test.sh b/tests/ocsp-tests/ocsp-test.sh index ba173258d1..127bcb3afb 100755 --- a/tests/ocsp-tests/ocsp-test.sh +++ b/tests/ocsp-tests/ocsp-test.sh @@ -34,10 +34,10 @@ export TZ="UTC" skip_if_no_datefudge # Note that in rare cases this test may fail because the -# time set using datefudge could have changed since the generation +# time set using faketime/datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2016-04-22" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der" rc=$? @@ -47,7 +47,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2016-04-22" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --infile "${srcdir}/ocsp-tests/response2.der" rc=$? @@ -57,7 +57,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2016-04-22" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response2.der" -d 4 rc=$? diff --git a/tests/ocsp-tests/ocsp-tls-connection.sh b/tests/ocsp-tests/ocsp-tls-connection.sh index 172c8431b2..e59c25f60c 100755 --- a/tests/ocsp-tests/ocsp-tls-connection.sh +++ b/tests/ocsp-tests/ocsp-tls-connection.sh @@ -74,8 +74,8 @@ if ! ("$OPENSSL" version) > /dev/null 2>&1; then exit 77 fi -CERTDATE="2016-04-28" -TESTDATE="2016-04-29" +CERTDATE="2016-04-28 00:00:00" +TESTDATE="2016-04-29 00:00:00" OCSP_PID="" TLS_SERVER_PID="" @@ -96,7 +96,7 @@ chmod u+w "$TEMPLATE_FILE" echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" # Generate certificates with the random port -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ @@ -111,7 +111,7 @@ echo "=== Bringing OCSP server up ===" # SO_REUSEADDR usage. PORT=${OCSP_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${OPENSSL}" ocsp -index "${srcdir}/ocsp-tests/certs/ocsp_index.txt" -text \ -port "${OCSP_PORT}" \ -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" \ @@ -127,7 +127,7 @@ echo "=== Verifying OCSP server is up ===" t=0 while test "${t}" -lt "${SERVER_START_TIMEOUT}"; do # Run a test request to make sure the server works - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ ${VALGRIND} "${OCSPTOOL}" --ask \ --load-cert "${SERVER_CERT_FILE}" \ --load-issuer "${srcdir}/ocsp-tests/certs/ca.pem" @@ -149,7 +149,7 @@ echo "=== Test 1: Server with valid certificate ===" PORT=${TLS_SERVER_PORT} launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_good.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -160,7 +160,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -182,7 +182,7 @@ cp "${srcdir}/ocsp-tests/certs/server_bad.template" "$TEMPLATE_FILE" echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" # Generate certificates with the random port -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_bad.key" \ @@ -194,7 +194,7 @@ eval "${GETPORT}" TLS_SERVER_PORT=$PORT launch_bare_server \ - datefudge "${TESTDATE}" \ + gnutls_timewrapper_standalone "${TESTDATE}" \ "${SERV}" --echo --disable-client-cert \ --x509keyfile="${srcdir}/ocsp-tests/certs/server_bad.key" \ --x509certfile="${SERVER_CERT_FILE}" \ @@ -204,7 +204,7 @@ wait_server ${TLS_SERVER_PID} wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? diff --git a/tests/pkcs7-cat.sh b/tests/pkcs7-cat.sh index 22dc5fdb5c..12929868ea 100755 --- a/tests/pkcs7-cat.sh +++ b/tests/pkcs7-cat.sh @@ -36,7 +36,7 @@ fi skip_if_no_datefudge #try verification -datefudge -s "2010-10-10" \ +gnutls_timewrapper_standalone static "2010-10-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? @@ -45,7 +45,7 @@ if test "${rc}" = "0"; then exit 1 fi -datefudge -s "2016-10-10" \ +gnutls_timewrapper_standalone static "2016-10-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? diff --git a/tests/rsa-md5-collision/rsa-md5-collision.sh b/tests/rsa-md5-collision/rsa-md5-collision.sh index 8e7cdc1cf0..cbd4565609 100755 --- a/tests/rsa-md5-collision/rsa-md5-collision.sh +++ b/tests/rsa-md5-collision/rsa-md5-collision.sh @@ -36,7 +36,7 @@ skip_if_no_datefudge ASAN_OPTIONS="detect_leaks=0" export ASAN_OPTIONS -datefudge -s "2006-10-1" \ +gnutls_timewrapper_standalone static "2006-10-01 00:00:00" \ "${CERTTOOL}" --verify-chain --outfile "$TMPFILE1" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-1.pem" if test $? = 0;then echo "Verification on chain1 succeeded" @@ -50,7 +50,7 @@ if test $? != 0;then fi -datefudge -s "2006-10-1" \ +gnutls_timewrapper_standalone static "2006-10-01 00:00:00" \ "${CERTTOOL}" --verify-chain --outfile "$TMPFILE2" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-2.pem" if test $? = 0;then echo "Verification on chain2 succeeded" diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh index 8afc50f17f..d2071ec411 100644 --- a/tests/scripts/common.sh +++ b/tests/scripts/common.sh @@ -95,26 +95,55 @@ GETPORT=' done ' -check_for_datefudge() { - # On certain platforms running datefudge date fails (e.g., x86 datefudge - # with x86-64 date app). - if test "${SKIP_DATEFUDGE_CHECK}" = 1;then - return - fi +skip_if_no_datefudge() { + # Prefer faketime, fall back to datefudge. + # Allow datefudge/faketime to be manually selected by setting env-var + if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then + if test "$WINDOWS" = 1; then + exit 77 + fi - TSTAMP=`datefudge -s "2006-09-23" "${top_builddir}/tests/datefudge-check" || true` - if test "$TSTAMP" != "1158969600" || test "$WINDOWS" = 1; then - return 1 + TSTAMP=`faketime -f "2006-09-23 00:00:00" "${top_builddir}/tests/datefudge-check" || true` + if test "$TSTAMP" = "1158969600"; then + GNUTLS_TIMEWRAPPER_CMD=faketime + else + TSTAMP=`datefudge -s "2006-09-23 00:00:00" "${top_builddir}/tests/datefudge-check" || true` + if test "$TSTAMP" = "1158969600"; then + GNUTLS_TIMEWRAPPER_CMD=datefudge + else + echo "You need faketime/datefudge to run this test" + exit 77 + fi + fi fi } -skip_if_no_datefudge() { - if ! check_for_datefudge; then - echo "You need datefudge to run this test" - exit 77 +gnutls_timewrapper_standalone() { + if test -z "${GNUTLS_TIMEWRAPPER_CMD}" ; then + echo "Missing invocation of skip_if_no_datefudge()" + exit 1 + fi + + if [ "$1" = "static" ] ; then + shift + case ${GNUTLS_TIMEWRAPPER_CMD} in + faketime) + faketime -f "$@" + ;; + datefudge) + datefudge -s "$@" + ;; + *) + echo "GNUTLS_TIMEWRAPPER_CMD ${GNUTLS_TIMEWRAPPER_CMD} invalid" 1>&2 + exit 1 + ;; + esac + else + ${GNUTLS_TIMEWRAPPER_CMD} "$@" fi } + fail() { PID="$1" shift diff --git a/tests/server-multi-keys.sh b/tests/server-multi-keys.sh index e76aaa95c5..43b2cf360a 100755 --- a/tests/server-multi-keys.sh +++ b/tests/server-multi-keys.sh @@ -64,15 +64,15 @@ launch_server --echo --priority "NORMAL:+ECDHE-RSA:+ECDHE-ECDSA" --x509keyfile $ PID=$! wait_server ${PID} -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA" </dev/null || \ fail ${PID} "1. handshake with RSA should have succeeded!" -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-ECDSA" </dev/null || \ fail ${PID} "2. handshake with ECC should have succeeded!" -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-SHA256" --save-cert ${TMPFILE} </dev/null || \ fail ${PID} "3. handshake with RSA should have succeeded!" @@ -81,13 +81,13 @@ if test $? != 0;then fail ${PID} "3. the certificate used by server was not the expected" fi -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:+SIGN-RSA-SHA256:+SIGN-RSA-PSS-RSAE-SHA256" --save-cert ${TMPFILE} </dev/null || \ fail ${PID} "4. handshake with RSA should have succeeded!" # check whether the server used the RSA-PSS certificate when we asked for RSA-PSS signature -timeout 1800 datefudge "2017-08-9" \ +gnutls_timewrapper_standalone "2017-08-9" timeout 1800 \ "${CLI}" -p "${PORT}" localhost --x509cafile ${CAFILE} --priority "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-PSS-SHA256" --save-cert ${TMPFILE} </dev/null || \ fail ${PID} "4. handshake with RSA-PSS and SHA256 should have succeeded!" diff --git a/tests/server-weak-keys.sh b/tests/server-weak-keys.sh index 7ae7890eec..2eef393eb7 100755 --- a/tests/server-weak-keys.sh +++ b/tests/server-weak-keys.sh @@ -57,11 +57,11 @@ launch_server --echo --priority "NORMAL" --x509keyfile ${KEY1} --x509certfile ${ PID=$! wait_server ${PID} -timeout 1800 datefudge "2019-12-20" \ +gnutls_timewrapper_standalone "2019-12-20" timeout 1800 \ "${CLI}" -d 4 -p "${PORT}" localhost --x509cafile ${CERT1} --priority NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 </dev/null && \ fail ${PID} "1. handshake with RSA should have failed!" -timeout 1800 datefudge "2019-12-20" \ +gnutls_timewrapper_standalone "2019-12-20" timeout 1800 \ "${CLI}" -d 4 -p "${PORT}" localhost --x509cafile ${CERT1} --priority NORMAL </dev/null && \ fail ${PID} "2. handshake with RSA should have failed!" diff --git a/tests/suite/testcompat-openssl-cli-compat.sh b/tests/suite/testcompat-openssl-cli-compat.sh index f3513acb55..4c42a58110 100755 --- a/tests/suite/testcompat-openssl-cli-compat.sh +++ b/tests/suite/testcompat-openssl-cli-compat.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-cli-common.sh" ":%COMPAT" ret=$? diff --git a/tests/suite/testcompat-openssl-cli-no-etm.sh b/tests/suite/testcompat-openssl-cli-no-etm.sh index aa941d7092..78bb2b4eb1 100755 --- a/tests/suite/testcompat-openssl-cli-no-etm.sh +++ b/tests/suite/testcompat-openssl-cli-no-etm.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-cli-common.sh" ":%NO_ETM" ret=$? diff --git a/tests/suite/testcompat-openssl-cli.sh b/tests/suite/testcompat-openssl-cli.sh index 3e1b67018e..d0c6324ada 100755 --- a/tests/suite/testcompat-openssl-cli.sh +++ b/tests/suite/testcompat-openssl-cli.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-cli-common.sh" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-compat.sh b/tests/suite/testcompat-openssl-serv-compat.sh index 79a2b458e5..abeed2caed 100755 --- a/tests/suite/testcompat-openssl-serv-compat.sh +++ b/tests/suite/testcompat-openssl-serv-compat.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%COMPAT" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-no-etm.sh b/tests/suite/testcompat-openssl-serv-no-etm.sh index 68c540f67f..9b79afcf6f 100755 --- a/tests/suite/testcompat-openssl-serv-no-etm.sh +++ b/tests/suite/testcompat-openssl-serv-no-etm.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_ETM" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh index 4e71716c54..fee57369d2 100755 --- a/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh +++ b/tests/suite/testcompat-openssl-serv-no-safe-renegotiation.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%DISABLE_SAFE_RENEGOTIATION" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-no-tickets.sh b/tests/suite/testcompat-openssl-serv-no-tickets.sh index 137b697b20..eab663c7d8 100755 --- a/tests/suite/testcompat-openssl-serv-no-tickets.sh +++ b/tests/suite/testcompat-openssl-serv-no-tickets.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%NO_TICKETS" ret=$? diff --git a/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh b/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh index dd866af888..e58e20b49d 100755 --- a/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh +++ b/tests/suite/testcompat-openssl-serv-safe-renegotiation.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ":%SAFE_RENEGOTIATION" ret=$? diff --git a/tests/suite/testcompat-openssl-serv.sh b/tests/suite/testcompat-openssl-serv.sh index 788e2abea2..454a1b3f75 100755 --- a/tests/suite/testcompat-openssl-serv.sh +++ b/tests/suite/testcompat-openssl-serv.sh @@ -51,12 +51,12 @@ fi export TZ="UTC" -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-openssl-serv-common.sh" ret=$? diff --git a/tests/suite/testcompat-polarssl-serv-compat.sh b/tests/suite/testcompat-polarssl-serv-compat.sh index 841c3c61ce..aee90db4ce 100755 --- a/tests/suite/testcompat-polarssl-serv-compat.sh +++ b/tests/suite/testcompat-polarssl-serv-compat.sh @@ -39,7 +39,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then exit 77 fi -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge @@ -50,7 +50,7 @@ if test $? = 0; then exit 77 fi -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-polarssl-serv-common.sh" ":%COMPAT" ret=$? diff --git a/tests/suite/testcompat-polarssl-serv-no-etm.sh b/tests/suite/testcompat-polarssl-serv-no-etm.sh index d64dbaad28..8212a88a11 100755 --- a/tests/suite/testcompat-polarssl-serv-no-etm.sh +++ b/tests/suite/testcompat-polarssl-serv-no-etm.sh @@ -39,7 +39,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then exit 77 fi -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge @@ -50,7 +50,7 @@ if test $? = 0; then exit 77 fi -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-polarssl-serv-common.sh" ":%NO_ETM" ret=$? diff --git a/tests/suite/testcompat-polarssl-serv.sh b/tests/suite/testcompat-polarssl-serv.sh index f4ed2ba6d1..f9af51c11a 100755 --- a/tests/suite/testcompat-polarssl-serv.sh +++ b/tests/suite/testcompat-polarssl-serv.sh @@ -39,7 +39,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then exit 77 fi -# Check for datefudge +# Check for faketime/datefudge . "${srcdir}/../scripts/common.sh" skip_if_no_datefudge @@ -50,7 +50,7 @@ if test $? = 0; then exit 77 fi -timeout 1800 datefudge "2012-09-02" \ +gnutls_timewrapper_standalone "2012-09-02" timeout 1800 \ "${srcdir}/testcompat-polarssl-serv-common.sh" ret=$? diff --git a/tests/system-override-profiles.sh b/tests/system-override-profiles.sh index 1b03bdb598..409057d97c 100755 --- a/tests/system-override-profiles.sh +++ b/tests/system-override-profiles.sh @@ -62,17 +62,17 @@ _EOF_ export GNUTLS_DEBUG_LEVEL=3 unset GNUTLS_SYSTEM_PRIORITY_FILE -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (1)" export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (2)" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (3)" @@ -85,17 +85,17 @@ _EOF_ unset GNUTLS_SYSTEM_PRIORITY_FILE -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null || fail "expected connection to succeed (1)" export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_LOW --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null && fail "expected connection to fail (1)" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:%PROFILE_MEDIUM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" --logfile ${TMPFILE2} </dev/null >/dev/null && fail "expected connection to fail (2)" diff --git a/tests/system-override-tls.sh b/tests/system-override-tls.sh index a0ad3d0e4d..b4623d9927 100755 --- a/tests/system-override-tls.sh +++ b/tests/system-override-tls.sh @@ -53,11 +53,11 @@ wait_server ${PID} #successful case, test whether the ciphers we disable below work echo "Sanity testing" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage1: expected connection to succeed (1)" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage1: expected connection to succeed (2)" @@ -76,43 +76,43 @@ export GNUTLS_SYSTEM_PRIORITY_FILE echo "Testing TLS1.3" echo " * sanity" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage2: expected connection to succeed (1)" echo " * fallback to good options" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE3072 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage2: expected connection to succeed (2)" echo " * disabled cipher" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-CIPHER-ALL:+AES-128-GCM --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null && #>/dev/null && fail ${PID} "stage2: expected connection to fail (1)" echo " * disabled group" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-GROUP-ALL:+GROUP-FFDHE2048 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage2: expected connection to fail (2)" echo "Testing TLS1.2" echo " * sanity" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage3: expected connection to succeed (1)" echo " * fallback to good options" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC:+AES-256-CBC:+AES-256-GCM:-MAC-ALL:+SHA1:+AEAD --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null || fail ${PID} "stage3: expected connection to succeed (2)" echo " * disabled cipher" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-128-CBC --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage3: expected connection to fail (1)" echo " * disabled MAC" -datefudge "2017-11-22" \ +gnutls_timewrapper_standalone "2017-11-22" \ "${CLI}" -p "${PORT}" 127.0.0.1 --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA1 --verify-hostname localhost --x509cafile "${srcdir}/certs/ca-cert-ecc.pem" </dev/null >/dev/null && fail ${PID} "stage3: expected connection to fail (2)" diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh index 59177281d8..fdc1bb3a26 100755 --- a/tests/testpkcs11.sh +++ b/tests/testpkcs11.sh @@ -66,7 +66,7 @@ have_ed25519=0 P11TOOL="${VALGRIND} ${P11TOOL} --batch" SERV="${SERV} -q" -TESTDATE=2020-12-01 +TESTDATE="2020-12-01 00:00:00" . ${srcdir}/scripts/common.sh @@ -561,7 +561,7 @@ write_certificate_test () { pubkey="$5" echo -n "* Generating client certificate... " - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 @@ -939,7 +939,7 @@ use_certificate_test () { echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " # start server eval "${GETPORT}" - launch_bare_server datefudge -s "$TESTDATE" \ + launch_bare_server gnutls_timewrapper_standalone static "$TESTDATE" \ $VALGRIND $SERV $DEBUG -p "$PORT" \ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \ --x509keyfile="$keyfile" --x509cafile="${cafile}" \ @@ -949,16 +949,16 @@ use_certificate_test () { wait_server ${PID} # connect to server using SC - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \ fail ${PID} "Connection should have failed!" - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \ fail ${PID} "Connection (with files) should have succeeded!" - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ --x509keyfile="${token};object=gnutls-client;object-type=private" \ --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \ |