I'm doing some testing with old versions of OpenSSL. Some versions like 0.9.8i from 15 Sep 2008 ignore seconds in notAfter field:

./python -m test test_ssl test_hashlib
[1/2] test_ssl
test test_ssl failed -- Traceback (most recent call last):
  File "/home/heimes/dev/python/cpython/Lib/test/test_ssl.py", line 145, in test_parse_cert
    self.assertEqual(p['notAfter'], 'Oct  5 23:01:56 2020 GMT')
AssertionError: 'Oct  5 23:01:00 2020 GMT' != 'Oct  5 23:01:56 2020 GMT'
- Oct  5 23:01:00 2020 GMT
?              ^^
+ Oct  5 23:01:56 2020 GMT


It's actually an issue in OpenSSL. I'm getting the same result with the openssl binary:

$ ../openssl/0.9.8i/bin/openssl x509 -text -in Lib/test/https_svn_python_org_root.pem | grep GMT
            Not Before: Mar 30 12:29:00 2003 GMT
            Not After : Mar 29 12:29:00 2033 GMT

$ ../openssl/0.9.8y/bin/openssl x509 -text -in Lib/test/https_svn_python_org_root.pem | grep GMT
            Not Before: Mar 30 12:29:49 2003 GMT
            Not After : Mar 29 12:29:49 2033 GMT

I'd like to modify the test for a well-defined set of errnous OpenSSL versions.

I'm not sure we should care much about this, but feel free to improve the tests of course :-)

New changeset c484ca129288 by Christian Heimes in branch 'default':
Issue #18207: Fix test_ssl for some versions of OpenSSL that ignore seconds
http://hg.python.org/cpython/rev/c484ca129288

Additional versions of OpenSSL may be affected by the issue. We can add these versions whenever we run into the issue again.