author | David Benjamin <davidben@davidben.net> | 2022-12-16 10:44:52 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-16 10:44:52 -0500 |
commit | d2f0aec1033181ab2f256e78915cdfdccc31b977 (patch) | |
tree | 9a95433ea1a0f9e73fa6c08c814dafe772718bea /tests | |
parent | 4aae795360be0f8f85df32348bf1a6679b6828ca (diff) | |
download | pyopenssl-d2f0aec1033181ab2f256e78915cdfdccc31b977.tar.gz |
Fix CRL nextUpdate handling. (#1169)

* Fix CRL nextUpdate handling.

When setting the nextUpdate field of a CRL, this code grabbed the
nextUpdate ASN1_TIME field from the CRL and set its time. But nextUpdate
is optional in a CRL so that field is usually NULL. But OpenSSL's
ASN1_TIME_set_string succeeds when the destination argument is NULL, so
it was silently a no-op.

Given that, the call in a test to set the nextUpdate field suddenly
starts working and sets the time to 2018, thus causing the CRL to be
considered expired and breaking the test. So this change also changes
the expiry year far into the future.

Additionally, the other CRL and Revoked setters violate const in the
API.

Fixes #1168.

* Replace self-check with an assert for coverage

* Update src/OpenSSL/crypto.py

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/test_crypto.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/tests/test_crypto.py b/tests/test_crypto.py index 88756f0..44bbd0f 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -3850,7 +3850,9 @@ class TestCRL: crl.add_revoked(revoked) crl.set_version(1) crl.set_lastUpdate(b"20140601000000Z") - crl.set_nextUpdate(b"20180601000000Z") + # The year 5000 is far into the future so that this CRL isn't + # considered to have expired. + crl.set_nextUpdate(b"50000601000000Z") crl.sign(issuer_cert, issuer_key, digest=b"sha512") return crl |
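Review bot: the test-side change in `tests/test_crypto.py` only moves the date passed to `crl.set_nextUpdate(b"50000601000000Z")` so the CRL stops expiring; nothing in this hunk asserts that nextUpdate is actually present in the CRL afterwards. The bug described in the commit message was a setter that silently did nothing, and the old test passed only because of that no-op, so a regression to the same behaviour would again pass this helper unnoticed. Consider adding a test that reads the field back from the signed CRL (for example from its exported text or DER form) and checks it equals the value that was set, and likewise for `set_lastUpdate`. The comment on the new lines would also be more useful if it said why expiry matters here, that is, which verification step rejects the CRL once nextUpdate is in the past.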