classification
Title: OpenSSL may ignore seconds in notAfter
Type: behavior Stage: resolved
Components: Tests Versions: Python 3.4
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, pitrou, python-dev
Priority: low Keywords:

Created on 2013-06-13 23:58 by christian.heimes, last changed 2013-06-17 13:34 by christian.heimes. This issue is now closed.

Messages (4)
msg191099 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-06-13 23:58
I'm doing some testing with old versions of OpenSSL. Some versions like 0.9.8i from 15 Sep 2008 ignore seconds in notAfter field:

./python -m test test_ssl test_hashlib
[1/2] test_ssl
test test_ssl failed -- Traceback (most recent call last):
  File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 145, in test_parse_cert
    self.assertEqual(p['notAfter'], 'Oct  5 23:01:56 2020 GMT')
AssertionError: 'Oct  5 23:01:00 2020 GMT' != 'Oct  5 23:01:56 2020 GMT'
- Oct  5 23:01:00 2020 GMT
?              ^^
+ Oct  5 23:01:56 2020 GMT


It's actually an issue in OpenSSL. I'm getting the same result with the openssl binary:

$ ../openssl/0.9.8i/bin/openssl x509 -text -in Lib/test/https_svn_python_org_root.pem | grep GMT
            Not Before: Mar 30 12:29:00 2003 GMT
            Not After : Mar 29 12:29:00 2033 GMT

$ ../openssl/0.9.8y/bin/openssl x509 -text -in Lib/test/https_svn_python_org_root.pem | grep GMT
            Not Before: Mar 30 12:29:49 2003 GMT
            Not After : Mar 29 12:29:49 2033 GMT

I'd like to modify the test for a well-defined set of errnous OpenSSL versions.
msg191322 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-06-17 11:56
I'm not sure we should care much about this, but feel free to improve the tests of course :-)
msg191331 - (view) Author: Roundup Robot (python-dev) Date: 2013-06-17 13:33
New changeset c484ca129288 by Christian Heimes in branch 'default':
Issue #18207: Fix test_ssl for some versions of OpenSSL that ignore seconds
http://hg.python.org/cpython/rev/c484ca129288
msg191332 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2013-06-17 13:34
Additional versions of OpenSSL may be affected by the issue. We can add these versions whenever we run into the issue again.
History
Date User Action Args
2013-06-17 13:34:45christian.heimessetstatus: open -> closed
resolution: fixed
messages: + msg191332

stage: resolved
2013-06-17 13:33:10python-devsetnosy: + python-dev
messages: + msg191331
2013-06-17 11:56:36pitrousetpriority: normal -> low
type: behavior
messages: + msg191322

components: + Tests, - Extension Modules
2013-06-13 23:58:14christian.heimescreate