From 8e1f599eb6bb4fc129ce0519506945fb306713fa Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Tue, 7 Sep 2021 14:24:13 -0400
Subject: Fill in notBefore/notAfter in X509 _PKeyInteractionTestsMixin tests
 (#1039)

While the tests currently pass without it, this is because OpenSSL's
encoder doesn't notice that it is emitting garbage. See
https://github.com/openssl/openssl/issues/16538

Fill in a placeholder validity period so the tests both better mirror
real X.509 signing code and do not rely on this bug.
---
 tests/test_crypto.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 699b146..ef3429d 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -1468,7 +1468,7 @@ class _PKeyInteractionTestsMixin:
 
     def signable(self):
         """
-        Return something with a `set_pubkey`, `set_pubkey`, and `sign` method.
+        Return something with `set_pubkey` and `sign` methods.
         """
         raise NotImplementedError()
 
@@ -1715,7 +1715,12 @@ class TestX509(_PKeyInteractionTestsMixin):
         """
         Create and return a new `X509`.
         """
-        return X509()
+        certificate = X509()
+        # Fill in placeholder validity values. signable only expects to call
+        # set_pubkey and sign.
+        certificate.gmtime_adj_notBefore(-24 * 60 * 60)
+        certificate.gmtime_adj_notAfter(24 * 60 * 60)
+        return certificate
 
     def test_type(self):
         """
-- 
cgit v1.2.1