diff options
author | Andreas Metzler <ametzler@bebt.de> | 2023-03-05 11:29:17 +0100 |
---|---|---|
committer | Andreas Metzler <ametzler@bebt.de> | 2023-04-04 17:56:05 +0200 |
commit | 71fc2905803a6cbd62c42ad611740a96bf018f48 (patch) | |
tree | ce22012117ba28829998696202078663d3023d66 | |
parent | edf92eb4881542de09bb72a9598cf528af25a9b2 (diff) | |
download | gnutls-71fc2905803a6cbd62c42ad611740a96bf018f48.tar.gz |
Use gnutls_timewrapper for static (frozen time) instances
Also switch setsid/wrapper order
Signed-off-by: Andreas Metzler <ametzler@bebt.de>
32 files changed, 113 insertions, 116 deletions
diff --git a/tests/cert-reencoding.sh b/tests/cert-reencoding.sh index 50d62d3bcb..fd8bc42a5f 100755 --- a/tests/cert-reencoding.sh +++ b/tests/cert-reencoding.sh @@ -249,7 +249,7 @@ launch_bare_server \ SERVER_PID="${!}" wait_server "${SERVER_PID}" -datefudge -s "${TESTDATE}" \ +gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --x509certfile ${CLIENT_CERT_FILE} \ --x509keyfile ${CLIENT_KEY_FILE} --x509cafile=${CA_FILE} \ --port="${PORT}" localhost </dev/null diff --git a/tests/cert-tests/alt-chain.sh b/tests/cert-tests/alt-chain.sh index 564e614604..177570e581 100755 --- a/tests/cert-tests/alt-chain.sh +++ b/tests/cert-tests/alt-chain.sh @@ -41,7 +41,7 @@ OLD_CA_FILE="${srcdir}/data/alt-chain-old-ca.pem" NEW_CA_FILE="${srcdir}/data/alt-chain-new-ca.pem" echo "" -datefudge -s "2017-05-10 00:00:00" \ +gnutls_timewrapper_standalone static "2017-05-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${OLD_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE} rc=$? @@ -52,7 +52,7 @@ if test "${rc}" != "1"; then fi echo "" -datefudge -s "2017-05-10 00:00:00" \ +gnutls_timewrapper_standalone static "2017-05-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --load-ca-certificate ${NEW_CA_FILE} --verify-hostname www.google.com --verify --infile "${srcdir}/data/alt-chain.pem" >${OUTFILE} rc=$? diff --git a/tests/cert-tests/cert-non-digits-time.sh b/tests/cert-tests/cert-non-digits-time.sh index e21e638637..930cedd09a 100755 --- a/tests/cert-tests/cert-non-digits-time.sh +++ b/tests/cert-tests/cert-non-digits-time.sh @@ -34,7 +34,7 @@ fi skip_if_no_datefudge # Check whether certificates with non-digits time fields are accepted -datefudge -s "2019-12-19 00:00:00" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND}"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}/data/cert-with-non-digits-time-ca.pem" --infile "${srcdir}/data/cert-with-non-digits-time.pem" rc=$? diff --git a/tests/cert-tests/certtool-verify-profiles.sh b/tests/cert-tests/certtool-verify-profiles.sh index 91ef81c91e..862b4459c4 100755 --- a/tests/cert-tests/certtool-verify-profiles.sh +++ b/tests/cert-tests/certtool-verify-profiles.sh @@ -38,7 +38,7 @@ OUTFILE=out-pkcs7.$$.tmp skip_if_no_datefudge echo "Checking chain with insecure leaf" -datefudge -s "2019-12-19 00:00:00" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-leaf.pem" >${OUTFILE} rc=$? @@ -49,7 +49,7 @@ if test "${rc}" != "1"; then fi echo "Checking chain with insecure subca" -datefudge -s "2019-12-19 00:00:00" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-subca.pem" >${OUTFILE} rc=$? @@ -61,7 +61,7 @@ fi echo "Checking chain with insecure ca" -datefudge -s "2019-12-19 00:00:00" \ +gnutls_timewrapper_standalone static "2019-12-19 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-chain --verify-profile=medium --infile "${srcdir}/data/chain-512-ca.pem" >${OUTFILE} rc=$? diff --git a/tests/cert-tests/crl.sh b/tests/cert-tests/crl.sh index 6a02a429d1..d097017473 100755 --- a/tests/cert-tests/crl.sh +++ b/tests/cert-tests/crl.sh @@ -172,7 +172,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2020-01-20 10:00:00" ${VALGRIND} \ +gnutls_timewrapper_standalone static "2020-01-20 10:00:00" ${VALGRIND} \ "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ --load-ca-certificate "${srcdir}/data/template-test.pem" \ --load-certificate "${srcdir}/data/ca-certs.pem" --template \ @@ -194,7 +194,7 @@ fi if test "${ac_cv_sizeof_time_t}" = 8;then # we should test that on systems which have 64-bit time_t - datefudge -s "2138-01-20 10:00:00" ${VALGRIND} \ + gnutls_timewrapper_standalone static "2138-01-20 10:00:00" ${VALGRIND} \ "${CERTTOOL}" --generate-crl --load-ca-privkey "${srcdir}/data/template-test.key" \ --load-ca-certificate "${srcdir}/data/template-test.pem" \ --load-certificate "${srcdir}/data/ca-certs.pem" --template \ diff --git a/tests/cert-tests/crq.sh b/tests/cert-tests/crq.sh index 7533168908..d555fdb289 100755 --- a/tests/cert-tests/crq.sh +++ b/tests/cert-tests/crq.sh @@ -59,7 +59,7 @@ fi rm -f "${OUTFILE}" # check whether the honor_crq_extension option works -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-tlsfeature.tmpl" \ @@ -78,7 +78,7 @@ if grep -v '^-----BEGIN [A-Z0-9 ]\+-----$' ${TMPFILE} | grep -v '^[A-Za-z0-9/+=] exit 1 fi -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/data/template-test.key" \ --load-ca-certificate "${srcdir}/data/template-tlsfeature.pem" \ @@ -130,8 +130,8 @@ N N __EOF__ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ setsid \ -datefudge -s "2007-04-22 00:00:00" \ "${CERTTOOL}" -q \ --load-privkey "${srcdir}/data/template-test.key" \ --outfile "${OUTFILE}" <$TMPFILE 2>/dev/null @@ -147,7 +147,7 @@ if test "${rc}" != "0"; then fi # check whether the generation with extension works -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/arb-extensions.tmpl" \ @@ -168,7 +168,7 @@ if test "${rc}" != "0"; then fi # Generate certificate from CRQ with no explicit extensions -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ @@ -191,7 +191,7 @@ if test "${rc}" != "0"; then fi # Generate certificate from CRQ with CRQ extensions -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ @@ -214,7 +214,7 @@ if test "${rc}" != "0"; then fi # Generate certificate from CRQ with explicit extensions -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" \ diff --git a/tests/cert-tests/inhibit-anypolicy.sh b/tests/cert-tests/inhibit-anypolicy.sh index 1df91c00e9..398350da03 100755 --- a/tests/cert-tests/inhibit-anypolicy.sh +++ b/tests/cert-tests/inhibit-anypolicy.sh @@ -37,7 +37,7 @@ SUBCAFILE=inhibit-subca.$$.tmp skip_if_no_datefudge -datefudge -s "2017-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2017-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/key-ca.pem" \ --template "${srcdir}/templates/inhibit-anypolicy.tmpl" \ @@ -56,7 +56,7 @@ fi echo ca > $TEMPLFILE echo "cn = sub-CA" >> $TEMPLFILE -datefudge -s "2017-04-23 00:00:00" \ +gnutls_timewrapper_standalone static "2017-04-23 00:00:00" \ "${CERTTOOL}" -d 2 --generate-certificate --template $TEMPLFILE \ --load-ca-privkey "${srcdir}/data/key-ca.pem" \ --load-ca-certificate $CAFILE \ @@ -71,7 +71,7 @@ fi cat $SUBCAFILE $CAFILE > ${TMPFILE} # we do not support the inhibit any policy extension for verification -datefudge -s "2017-04-25 00:00:00" "${CERTTOOL}" --verify-chain --infile ${TMPFILE} +gnutls_timewrapper_standalone static "2017-04-25 00:00:00" "${CERTTOOL}" --verify-chain --infile ${TMPFILE} rc=$? if test "$rc" != "0"; then echo "Verification failed unexpectedly ($rc)" diff --git a/tests/cert-tests/invalid-sig.sh b/tests/cert-tests/invalid-sig.sh index 1aae3fd40e..663cf5b737 100755 --- a/tests/cert-tests/invalid-sig.sh +++ b/tests/cert-tests/invalid-sig.sh @@ -84,19 +84,16 @@ if test $rc = 0; then exit 1 fi -if check_for_datefudge; then - #this was causing a double free; verify that we receive the expected error code - datefudge -s "2020-01-01 00:00:00" \ - ${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" - rc=$? - - # We're done. - if test $rc != 1; then - echo "Verification of invalid signature (6) failed" - exit 1 - fi -else - echo "Verification of invalid signature (6) skipped" +skip_if_no_datefudge +#this was causing a double free; verify that we receive the expected error code +gnutls_timewrapper_standalone static "2020-01-01 00:00:00" \ +${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem" +rc=$? + +# We're done. +if test $rc != 1; then + echo "Verification of invalid signature (6) failed" + exit 1 fi exit 0 diff --git a/tests/cert-tests/krb5-test.sh b/tests/cert-tests/krb5-test.sh index ee1af0f2ed..7e06fd6e6c 100755 --- a/tests/cert-tests/krb5-test.sh +++ b/tests/cert-tests/krb5-test.sh @@ -44,7 +44,7 @@ fi # time set using datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-krb5name.tmpl" \ @@ -70,7 +70,7 @@ fi cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE} echo "krb5_principal = 'xxxxxxxxxxxxxx'" >>${TMPLFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template ${TMPLFILE} \ @@ -87,7 +87,7 @@ fi cp "${srcdir}/templates/template-krb5name.tmpl" ${TMPLFILE} echo "krb5_principal = 'comp1/comp2/comp3/comp4/comp5/comp6/comp7/comp8/comp9/comp10@REALM.COM'" >>${TMPLFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template ${TMPLFILE} \ diff --git a/tests/cert-tests/md5-test.sh b/tests/cert-tests/md5-test.sh index d8c830f65c..c6f955a737 100755 --- a/tests/cert-tests/md5-test.sh +++ b/tests/cert-tests/md5-test.sh @@ -37,7 +37,7 @@ skip_if_no_datefudge # Test MD5 signatures -datefudge -s "2016-04-15 00:00:00" \ +gnutls_timewrapper_standalone static "2016-04-15 00:00:00" \ "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1 rc=$? if test "${rc}" != "1"; then @@ -45,7 +45,7 @@ if test "${rc}" != "1"; then exit ${rc} fi -datefudge -s "2016-04-15 00:00:00" \ +gnutls_timewrapper_standalone static "2016-04-15 00:00:00" \ "${CERTTOOL}" --verify-allow-broken --verify-chain --infile "${srcdir}/data/chain-md5.pem" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then diff --git a/tests/cert-tests/name-constraints.sh b/tests/cert-tests/name-constraints.sh index be7f9dfc76..8cf002ecf4 100755 --- a/tests/cert-tests/name-constraints.sh +++ b/tests/cert-tests/name-constraints.sh @@ -37,7 +37,7 @@ TMPFILE=constraints.$$.pem.tmp skip_if_no_datefudge -datefudge -s "2016-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken -e --infile "${srcdir}/data/name-constraints-ip.pem" rc=$? diff --git a/tests/cert-tests/othername-test.sh b/tests/cert-tests/othername-test.sh index ce5be4c84b..2c365361a6 100755 --- a/tests/cert-tests/othername-test.sh +++ b/tests/cert-tests/othername-test.sh @@ -38,7 +38,7 @@ skip_if_no_datefudge # time set using datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-othername.tmpl" \ @@ -53,7 +53,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-othername-xmpp.tmpl" \ diff --git a/tests/cert-tests/pkcs7-cat.sh b/tests/cert-tests/pkcs7-cat.sh index 643b724dee..50f3bc5e73 100755 --- a/tests/cert-tests/pkcs7-cat.sh +++ b/tests/cert-tests/pkcs7-cat.sh @@ -36,7 +36,7 @@ OUTFILE=out-pkcs7.$$.tmp . ${srcdir}/../scripts/common.sh skip_if_no_datefudge -datefudge -s "2016-10-01 00:00:00" \ +gnutls_timewrapper_standalone static "2016-10-01 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --p7-verify --inder --infile "${srcdir}/data/pkcs7-cat.p7" --load-ca-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? diff --git a/tests/cert-tests/pkcs7-constraints.sh b/tests/cert-tests/pkcs7-constraints.sh index aef86b553d..7587c3a946 100755 --- a/tests/cert-tests/pkcs7-constraints.sh +++ b/tests/cert-tests/pkcs7-constraints.sh @@ -51,7 +51,7 @@ fi FILE="signing-verify-no-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -63,7 +63,7 @@ fi FILE="signing-verify-valid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -75,7 +75,7 @@ fi FILE="signing-verify-invalid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -87,7 +87,7 @@ fi FILE="signing-verify-invalid-date-1" echo "" echo "test: $FILE" -datefudge -s "2011-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? @@ -99,7 +99,7 @@ fi FILE="signing-verify-invalid-date-2" echo "" echo "test: $FILE" -datefudge -s "2018-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2018-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-ca-certificate "${srcdir}/data/code-signing-ca.pem" <"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/pkcs7-constraints2.sh b/tests/cert-tests/pkcs7-constraints2.sh index 648e95a845..609bcb7786 100755 --- a/tests/cert-tests/pkcs7-constraints2.sh +++ b/tests/cert-tests/pkcs7-constraints2.sh @@ -51,7 +51,7 @@ fi FILE="signing-verify-no-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -63,7 +63,7 @@ fi FILE="signing-verify-valid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -75,7 +75,7 @@ fi FILE="signing-verify-invalid-purpose" echo "" echo "test: $FILE" -datefudge -s "2015-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2015-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.1 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -87,7 +87,7 @@ fi FILE="signing-verify-invalid-date-1" echo "" echo "test: $FILE" -datefudge -s "2011-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? @@ -99,7 +99,7 @@ fi FILE="signing-verify-invalid-date-2" echo "" echo "test: $FILE" -datefudge -s "2018-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2018-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-purpose 1.3.6.1.5.5.7.3.3 --p7-verify --load-certificate "${srcdir}/data/code-signing-cert.pem" <"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/pkcs7.sh b/tests/cert-tests/pkcs7.sh index 65bb45cb8a..e1bf874552 100755 --- a/tests/cert-tests/pkcs7.sh +++ b/tests/cert-tests/pkcs7.sh @@ -80,7 +80,7 @@ fi for FILE in full.p7b openssl.p7b openssl-keyid.p7b; do # check validation with date prior to CA issuance -datefudge -s "2011-01-10 00:00:00" \ +gnutls_timewrapper_standalone static "2011-01-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? @@ -90,7 +90,7 @@ if test "${rc}" = "0"; then fi # check validation with date prior to intermediate cert issuance -env TZ=UTC datefudge -s "2011-05-28 08:38:00" \ +env TZ=UTC gnutls_timewrapper_standalone static "2011-05-28 08:38:00" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? @@ -100,7 +100,7 @@ if test "${rc}" = "0"; then fi # check validation with date after intermediate cert issuance -datefudge -s "2038-10-13 00:00:00" \ +gnutls_timewrapper_standalone static "2038-10-13 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --inder --p7-verify --load-ca-certificate "${srcdir}/../../doc/credentials/x509/ca.pem" --infile "${srcdir}/data/${FILE}" >"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/rsa-pss-pad.sh b/tests/cert-tests/rsa-pss-pad.sh index aa2a900345..06a1db54e6 100755 --- a/tests/cert-tests/rsa-pss-pad.sh +++ b/tests/cert-tests/rsa-pss-pad.sh @@ -41,7 +41,7 @@ skip_if_no_datefudge # Test PSS signatures on certificate for i in sha256 sha384 sha512;do -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed --key-type rsa-pss \ --load-privkey "${srcdir}/data/privkey1.pem" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -59,7 +59,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-25 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \ "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then diff --git a/tests/cert-tests/sha3-test.sh b/tests/cert-tests/sha3-test.sh index 5c2eb91d64..0e76d9ce16 100755 --- a/tests/cert-tests/sha3-test.sh +++ b/tests/cert-tests/sha3-test.sh @@ -41,7 +41,7 @@ skip_if_no_datefudge # Test SHA3 signatures for i in sha3-224 sha3-256 sha3-384 sha3-512;do -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -59,7 +59,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-25 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \ "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then @@ -71,7 +71,7 @@ done # Test SHA3 signatures with ECDSA for i in sha3-224 sha3-256 sha3-384 sha3-512;do -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test-ecc.key" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -83,7 +83,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2007-04-25 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-25 00:00:00" \ "${CERTTOOL}" --load-ca-certificate "${TMPFILE}" --verify --infile "${TMPFILE}" >/dev/null 2>&1 rc=$? if test "${rc}" != "0"; then diff --git a/tests/cert-tests/smime.sh b/tests/cert-tests/smime.sh index ded942bbd1..5e3ab17c50 100755 --- a/tests/cert-tests/smime.sh +++ b/tests/cert-tests/smime.sh @@ -46,7 +46,7 @@ if test "${rc}" != "0"; then fi -datefudge -s "2017-04-06 00:00:00" \ +gnutls_timewrapper_standalone static "2017-04-06 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-rsa.pem" <"${OUTFILE}" rc=$? diff --git a/tests/cert-tests/template-exts-test.sh b/tests/cert-tests/template-exts-test.sh index f4f346ac97..c3f99253a2 100755 --- a/tests/cert-tests/template-exts-test.sh +++ b/tests/cert-tests/template-exts-test.sh @@ -34,7 +34,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/arb-extensions.tmpl" \ @@ -52,7 +52,7 @@ fi rm -f "$OUTFILE" # Test adding critical extensions only -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/crit-extensions.tmpl" \ @@ -69,7 +69,7 @@ fi rm -f "$OUTFILE" -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/arb-extensions.tmpl" \ diff --git a/tests/cert-tests/template-policy-test.sh b/tests/cert-tests/template-policy-test.sh index d3231affb7..e0eda056c7 100755 --- a/tests/cert-tests/template-policy-test.sh +++ b/tests/cert-tests/template-policy-test.sh @@ -34,7 +34,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/simple-policy.tmpl" \ diff --git a/tests/cert-tests/template-test.sh b/tests/cert-tests/template-test.sh index b8649364f0..26efce4571 100755 --- a/tests/cert-tests/template-test.sh +++ b/tests/cert-tests/template-test.sh @@ -41,7 +41,7 @@ echo "Running test for ${ac_cv_sizeof_time_t}-byte time_t" # time set using datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-test.tmpl" \ @@ -58,7 +58,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-utf8.tmpl" \ @@ -75,7 +75,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-dn.tmpl" \ @@ -94,7 +94,7 @@ rm -f ${TMPFILE} echo "Running test for certificate generation with --generate-self-signed" -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-privkey "${srcdir}/data/template-test.key" \ --load-ca-privkey "${srcdir}/../../doc/credentials/x509/ca-key.pem" \ @@ -113,7 +113,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-dn-err.tmpl" \ @@ -127,7 +127,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-overflow.tmpl" \ @@ -146,7 +146,7 @@ rm -f ${TMPFILE} # The following test works in 64-bit systems -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-overflow2.tmpl" \ @@ -176,7 +176,7 @@ else fi rm -f ${TMPFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-date.tmpl" \ @@ -193,7 +193,7 @@ fi rm -f ${TMPFILE} -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-dates-after2038.tmpl" \ @@ -223,7 +223,7 @@ rm -f ${TMPFILE} # Test name constraints generation -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-nc.tmpl" \ @@ -244,7 +244,7 @@ rm -f ${TMPFILE} # Test the GeneralizedTime support if test "${ac_cv_sizeof_time_t}" = 8;then # we should test that on systems which have 64-bit time_t. - datefudge -s "2051-04-22 00:00:00" \ + gnutls_timewrapper_standalone static "2051-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-generalized.tmpl" \ @@ -264,7 +264,7 @@ rm -f ${TMPFILE} # Test unique ID field generation -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-unique.tmpl" \ @@ -283,7 +283,7 @@ rm -f ${TMPFILE} # Test generation with very long dns names -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-long-dns.tmpl" \ @@ -302,7 +302,7 @@ rm -f ${TMPFILE} # Test generation with larger serial number -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-long-serial.tmpl" \ diff --git a/tests/cert-tests/tlsfeature-test.sh b/tests/cert-tests/tlsfeature-test.sh index 52fd92095c..109a9de462 100755 --- a/tests/cert-tests/tlsfeature-test.sh +++ b/tests/cert-tests/tlsfeature-test.sh @@ -38,7 +38,7 @@ skip_if_no_datefudge # # Test certificate generation # -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-self-signed \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-tlsfeature.tmpl" \ @@ -97,7 +97,7 @@ fi # Test certificate request generation # -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-request \ --load-privkey "${srcdir}/data/template-test.key" \ --template "${srcdir}/templates/template-tlsfeature.tmpl" \ @@ -158,7 +158,7 @@ fi # # Test certificate generation after a request # -datefudge -s "2007-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2007-04-22 00:00:00" \ "${CERTTOOL}" --generate-certificate \ --load-privkey "${srcdir}/data/template-test.key" \ --load-ca-privkey "${srcdir}/data/template-test.key" \ diff --git a/tests/certtool-pkcs11.sh b/tests/certtool-pkcs11.sh index 299083e90c..ccb244666b 100755 --- a/tests/certtool-pkcs11.sh +++ b/tests/certtool-pkcs11.sh @@ -115,7 +115,7 @@ verify_certificate_test() { file=$2 echo -n "* Verifying a certificate... " - datefudge -s "2015-10-10 00:00:00" \ + gnutls_timewrapper_standalone static "2015-10-10 00:00:00" \ $CERTTOOL ${ADDITIONAL_PARAM} --verify --load-ca-certificate "$url" --infile "$file" >>"${TMPFILE}" 2>&1 if test $? = 0; then echo ok diff --git a/tests/ocsp-tests/ocsp-load-chain.sh b/tests/ocsp-tests/ocsp-load-chain.sh index 35cd509f4d..96c26085a6 100755 --- a/tests/ocsp-tests/ocsp-load-chain.sh +++ b/tests/ocsp-tests/ocsp-load-chain.sh @@ -33,7 +33,7 @@ export TZ="UTC" skip_if_no_datefudge -datefudge -s "2017-06-19 00:00:00" \ +gnutls_timewrapper_standalone static "2017-06-19 00:00:00" \ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken rc=$? @@ -43,7 +43,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2017-06-19 00:00:00" \ +gnutls_timewrapper_standalone static "2017-06-19 00:00:00" \ "${OCSPTOOL}" -e --load-chain "${srcdir}/ocsp-tests/certs/chain-amazon.com-unsorted.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-amazon.com.der" --verify-allow-broken rc=$? @@ -54,7 +54,7 @@ if test "${rc}" != "0"; then fi # verify an OCSP response using ECDSA -datefudge -s "2017-06-29 00:00:00" \ +gnutls_timewrapper_standalone static "2017-06-29 00:00:00" \ "${OCSPTOOL}" -d 6 -e --load-chain "${srcdir}/ocsp-tests/certs/chain-akamai.com.pem" --infile "${srcdir}/ocsp-tests/certs/ocsp-akamai.com.der" rc=$? diff --git a/tests/ocsp-tests/ocsp-must-staple-connection.sh b/tests/ocsp-tests/ocsp-must-staple-connection.sh index f6fa6341d7..0b6204084d 100755 --- a/tests/ocsp-tests/ocsp-must-staple-connection.sh +++ b/tests/ocsp-tests/ocsp-must-staple-connection.sh @@ -100,7 +100,7 @@ chmod u+w "$TEMPLATE_FILE" echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" # Generate certificates with the random port -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ @@ -109,7 +109,7 @@ datefudge -s "${CERTDATE}" ${CERTTOOL} \ # Generate certificates with the random port (with mandatory stapling extension) echo "tls_feature = 5" >>"$TEMPLATE_FILE" -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ @@ -181,7 +181,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -214,7 +214,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -249,7 +249,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -285,7 +285,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -307,7 +307,7 @@ rm -f "${OCSP_RESPONSE_FILE}" # Generate an OCSP response which expires in 2 days and use it after # a month. gnutls server doesn't send such a staple to clients. ${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" -datefudge -s "${EXP_OCSP_DATE}" \ +gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \ ${OPENSSL} ocsp -index "${INDEXFILE}" -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" -ndays 2 eval "${GETPORT}" @@ -344,7 +344,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -367,7 +367,7 @@ echo "=== Test 6: Server with valid certificate - old staple ===" rm -f "${OCSP_RESPONSE_FILE}" ${VALGRIND} ${OCSPTOOL} --generate-request --load-issuer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --load-cert "${SERVER_CERT_FILE}" --outfile "${OCSP_REQ_FILE}" -datefudge -s "${EXP_OCSP_DATE}" \ +gnutls_timewrapper_standalone static "${EXP_OCSP_DATE}" \ ${OPENSSL} ocsp -index ${INDEXFILE} -rsigner "${srcdir}/ocsp-tests/certs/ocsp-server.pem" -rkey "${srcdir}/ocsp-tests/certs/ocsp-server.key" -CA "${srcdir}/ocsp-tests/certs/ca.pem" -reqin "${OCSP_REQ_FILE}" -respout "${OCSP_RESPONSE_FILE}" eval "${GETPORT}" @@ -387,7 +387,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -422,7 +422,7 @@ if test "${GNUTLS_FORCE_FIPS_MODE}" != 1; then wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --priority "NORMAL:%NO_EXTENSIONS" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -457,7 +457,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -490,7 +490,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? diff --git a/tests/ocsp-tests/ocsp-signer-verify.sh b/tests/ocsp-tests/ocsp-signer-verify.sh index 5c40b46e1a..4d58f87469 100755 --- a/tests/ocsp-tests/ocsp-signer-verify.sh +++ b/tests/ocsp-tests/ocsp-signer-verify.sh @@ -38,7 +38,7 @@ trusted="${sample_dir}/trust.pem" verify_response () { echo "verifying ${sample_dir}/${1} using ${trusted}" - datefudge --static "${date}" \ + gnutls_timewrapper_standalone static "${date}" \ "${OCSPTOOL}" --infile="${sample_dir}/${1}" \ --verify-response --load-trust="${trusted}" return $? diff --git a/tests/ocsp-tests/ocsp-test.sh b/tests/ocsp-tests/ocsp-test.sh index 32ad12a6a0..0da118bf25 100755 --- a/tests/ocsp-tests/ocsp-test.sh +++ b/tests/ocsp-tests/ocsp-test.sh @@ -37,7 +37,7 @@ skip_if_no_datefudge # time set using datefudge could have changed since the generation # (if example the system was busy) -datefudge -s "2016-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response1.der" rc=$? @@ -47,7 +47,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2016-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ocsp-server.pem" --infile "${srcdir}/ocsp-tests/response2.der" rc=$? @@ -57,7 +57,7 @@ if test "${rc}" != "0"; then exit ${rc} fi -datefudge -s "2016-04-22 00:00:00" \ +gnutls_timewrapper_standalone static "2016-04-22 00:00:00" \ "${OCSPTOOL}" -e --load-signer "${srcdir}/ocsp-tests/certs/ca.pem" --infile "${srcdir}/ocsp-tests/response2.der" -d 4 rc=$? diff --git a/tests/ocsp-tests/ocsp-tls-connection.sh b/tests/ocsp-tests/ocsp-tls-connection.sh index 6a04964802..3ff7620894 100755 --- a/tests/ocsp-tests/ocsp-tls-connection.sh +++ b/tests/ocsp-tests/ocsp-tls-connection.sh @@ -96,7 +96,7 @@ chmod u+w "$TEMPLATE_FILE" echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" # Generate certificates with the random port -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_good.key" \ @@ -160,7 +160,7 @@ wait_server $TLS_SERVER_PID wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? @@ -182,7 +182,7 @@ cp "${srcdir}/ocsp-tests/certs/server_bad.template" "$TEMPLATE_FILE" echo "ocsp_uri=http://localhost:${OCSP_PORT}/ocsp/" >>"$TEMPLATE_FILE" # Generate certificates with the random port -datefudge -s "${CERTDATE}" ${CERTTOOL} \ +gnutls_timewrapper_standalone static "${CERTDATE}" ${CERTTOOL} \ --generate-certificate --load-ca-privkey "${srcdir}/ocsp-tests/certs/ca.key" \ --load-ca-certificate "${srcdir}/ocsp-tests/certs/ca.pem" \ --load-privkey "${srcdir}/ocsp-tests/certs/server_bad.key" \ @@ -204,7 +204,7 @@ wait_server ${TLS_SERVER_PID} wait_for_port "${TLS_SERVER_PORT}" echo "test 123456" | \ - datefudge -s "${TESTDATE}" \ + gnutls_timewrapper_standalone static "${TESTDATE}" \ "${CLI}" --ocsp --x509cafile="${srcdir}/ocsp-tests/certs/ca.pem" \ --port="${TLS_SERVER_PORT}" localhost rc=$? diff --git a/tests/pkcs7-cat.sh b/tests/pkcs7-cat.sh index 25ed8bd255..12929868ea 100755 --- a/tests/pkcs7-cat.sh +++ b/tests/pkcs7-cat.sh @@ -36,7 +36,7 @@ fi skip_if_no_datefudge #try verification -datefudge -s "2010-10-10 00:00:00" \ +gnutls_timewrapper_standalone static "2010-10-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? @@ -45,7 +45,7 @@ if test "${rc}" = "0"; then exit 1 fi -datefudge -s "2016-10-10 00:00:00" \ +gnutls_timewrapper_standalone static "2016-10-10 00:00:00" \ ${VALGRIND} "${CERTTOOL}" --verify-allow-broken --inder --p7-verify --infile "${srcdir}/data/test1.cat" --load-certificate "${srcdir}/data/pkcs7-cat-ca.pem" rc=$? diff --git a/tests/rsa-md5-collision/rsa-md5-collision.sh b/tests/rsa-md5-collision/rsa-md5-collision.sh index 0e31107a9f..cbd4565609 100755 --- a/tests/rsa-md5-collision/rsa-md5-collision.sh +++ b/tests/rsa-md5-collision/rsa-md5-collision.sh @@ -36,7 +36,7 @@ skip_if_no_datefudge ASAN_OPTIONS="detect_leaks=0" export ASAN_OPTIONS -datefudge -s "2006-10-01 00:00:00" \ +gnutls_timewrapper_standalone static "2006-10-01 00:00:00" \ "${CERTTOOL}" --verify-chain --outfile "$TMPFILE1" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-1.pem" if test $? = 0;then echo "Verification on chain1 succeeded" @@ -50,7 +50,7 @@ if test $? != 0;then fi -datefudge -s "2006-10-01 00:00:00" \ +gnutls_timewrapper_standalone static "2006-10-01 00:00:00" \ "${CERTTOOL}" --verify-chain --outfile "$TMPFILE2" --infile "${srcdir}/rsa-md5-collision/colliding-chain-md5-2.pem" if test $? = 0;then echo "Verification on chain2 succeeded" diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh index 5d671322d5..fdc1bb3a26 100755 --- a/tests/testpkcs11.sh +++ b/tests/testpkcs11.sh @@ -561,7 +561,7 @@ write_certificate_test () { pubkey="$5" echo -n "* Generating client certificate... " - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \ --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \ --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1 @@ -939,7 +939,7 @@ use_certificate_test () { echo -n "* Using PKCS #11 with gnutls-cli (${txt})... " # start server eval "${GETPORT}" - launch_bare_server datefudge -s "$TESTDATE" \ + launch_bare_server gnutls_timewrapper_standalone static "$TESTDATE" \ $VALGRIND $SERV $DEBUG -p "$PORT" \ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \ --x509keyfile="$keyfile" --x509cafile="${cafile}" \ @@ -949,16 +949,16 @@ use_certificate_test () { wait_server ${PID} # connect to server using SC - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \ fail ${PID} "Connection should have failed!" - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \ --x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \ fail ${PID} "Connection (with files) should have succeeded!" - datefudge -s "$TESTDATE" \ + gnutls_timewrapper_standalone static "$TESTDATE" \ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \ --x509keyfile="${token};object=gnutls-client;object-type=private" \ --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \ |