From 2a899742cee7dee7dafc6a8042dc2d4b0ff24146 Mon Sep 17 00:00:00 2001 From: Diane Trout Date: Thu, 24 Dec 2015 16:24:33 -0800 Subject: [PATCH] Update CRL for 5 years (Closes: #79548) Also add hints about what the test failure looks like and how to update the CRL when it expires. --- tests/certs/ca-0-crl.cfg | 12 ++++++++++++ tests/certs/ca-0-crl.pem | 20 ++++++++++---------- tests/certs/crl/ca-0-crl.pem | 20 ++++++++++---------- 3 files changed, 32 insertions(+), 20 deletions(-) diff --git a/tests/certs/ca-0-crl.cfg b/tests/certs/ca-0-crl.cfg index bc9ed25..790dfe3 100644 --- a/tests/certs/ca-0-crl.cfg +++ b/tests/certs/ca-0-crl.cfg @@ -1,3 +1,14 @@ +# Update crl with certtool from gnutls-bin: +# certtool --generate-crl \ +# --load-ca-privkey ca-0-key.pem \ +# --load-ca-certificate ca-0-cert.pem +# --template ca-0-crl.cfg +# --outfile=ca-0-crl.pem +# +# When expired the test ssl tests fail with the error: +# assertion failed (error == (wocky_auth_error, 6)): \ +# SSL Certificate Verification Error for weasel-juice.org (wocky-tls-cert-error, 12) +# # X.509 Certificate options # # DN options @@ -87,3 +98,4 @@ crl_signing_key # Whether this key will be used for time stamping. #time_stamping_key +crl_next_update=1825 \ No newline at end of file diff --git a/tests/certs/ca-0-crl.pem b/tests/certs/ca-0-crl.pem index 80f47ba..82810c4 100644 --- a/tests/certs/ca-0-crl.pem +++ b/tests/certs/ca-0-crl.pem @@ -1,13 +1,13 @@ -----BEGIN X509 CRL----- -MIIB/DCB5QIBATANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVSzESMBAGA1UE +MIIB9zCB4AIBATANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVSzESMBAGA1UE ChMJQ29sbGFib3JhMRkwFwYDVQQLExBXb2NreSBUZXN0IFN1aXRlMREwDwYDVQQI -EwhDb25mdXNlZDEbMBkGA1UEAxMSV29ja3kgWE1QUCBMaWJyYXJ5Fw0xMjA1MTAx -NjQzNTBaFw0xMzA1MTAxNjQzNTBaMBQwEgIBCxcNMTIwNTEwMTY0MzUwWqAvMC0w -HwYDVR0jBBgwFoAUSTAmCIya1mnNi8DMDlwCjkofpowwCgYDVR0UBAMCAQAwDQYJ -KoZIhvcNAQELBQADggEBACFaj/M6g+fP0RQEiB7kvoocdM7XGUemkl9Ns/chc9zH -yLgq1891jIO5GoKoCuMGEFfYat/VZutNOLFHkJ0AeqrvOSPVZ8atcZTJR/lgjR6I -PN/UMFpHMEVa7cUtLPx47UvGDolrOo1d4ciLVUUPoZMRGxTitVz8KtEk+O9s6NjS -W25uTGoNT58OQS51dXq4N97gNMSeggWGN1Y9swv0s992G/Y93t/uQvsRsSEMe7kj -ddChE3Gb4I+7TkjL+e64RlYsAtvMePM3k3+Zk95wFGWqlwRow46Nv3F02C8Af5JV -zp+tsq2foM0lIADnOTjUs2XgNGqx0Gm/hTAfBMsIgkM= +EwhDb25mdXNlZDEbMBkGA1UEAxMSV29ja3kgWE1QUCBMaWJyYXJ5GA8yMDE1MTIy +NTAwMTUyOFoYDzIwNDMxMjE4MDAxNTI4WjAAoDowODAfBgNVHSMEGDAWgBRJMCYI +jJrWac2LwMwOXAKOSh+mjDAVBgNVHRQEDgIMVnyKoDh8eHifdGqYMA0GCSqGSIb3 +DQEBCwUAA4IBAQDZU8sGCG5e7rO48sfQ99HkpmJTIq/derpunLNDTFA0B3U8r51Y +YF+FttEr/VmMxHpvco0I/XxJjIr4LgfbuLnopXbvEqc6ebmDyjVJ6pbo4w453W39 +lv86hAnfLD9ZVg4mffsV0PEfv4UJ+83nTu+7B8mprautAGgx45yw2WDuo/xYxYCB +NIgpus8jvwqnsbkAbZyl625sCEAZ/EqogATZ1fVbnvcnEZWV10QCmNgC0wvahXMA +j5G2zo0hYWXgrYI2z9LgzzjO4VI0iGRc/FpDe3KegmNzisdaYLCn7fGzrY8mnXik +odPUo3MiIah2Kf8WLSNpIsGb//omfn8Ik2Ui -----END X509 CRL----- diff --git a/tests/certs/crl/ca-0-crl.pem b/tests/certs/crl/ca-0-crl.pem index 80f47ba..82810c4 100644 --- a/tests/certs/crl/ca-0-crl.pem +++ b/tests/certs/crl/ca-0-crl.pem @@ -1,13 +1,13 @@ -----BEGIN X509 CRL----- -MIIB/DCB5QIBATANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVSzESMBAGA1UE +MIIB9zCB4AIBATANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQGEwJVSzESMBAGA1UE ChMJQ29sbGFib3JhMRkwFwYDVQQLExBXb2NreSBUZXN0IFN1aXRlMREwDwYDVQQI -EwhDb25mdXNlZDEbMBkGA1UEAxMSV29ja3kgWE1QUCBMaWJyYXJ5Fw0xMjA1MTAx -NjQzNTBaFw0xMzA1MTAxNjQzNTBaMBQwEgIBCxcNMTIwNTEwMTY0MzUwWqAvMC0w -HwYDVR0jBBgwFoAUSTAmCIya1mnNi8DMDlwCjkofpowwCgYDVR0UBAMCAQAwDQYJ -KoZIhvcNAQELBQADggEBACFaj/M6g+fP0RQEiB7kvoocdM7XGUemkl9Ns/chc9zH -yLgq1891jIO5GoKoCuMGEFfYat/VZutNOLFHkJ0AeqrvOSPVZ8atcZTJR/lgjR6I -PN/UMFpHMEVa7cUtLPx47UvGDolrOo1d4ciLVUUPoZMRGxTitVz8KtEk+O9s6NjS -W25uTGoNT58OQS51dXq4N97gNMSeggWGN1Y9swv0s992G/Y93t/uQvsRsSEMe7kj -ddChE3Gb4I+7TkjL+e64RlYsAtvMePM3k3+Zk95wFGWqlwRow46Nv3F02C8Af5JV -zp+tsq2foM0lIADnOTjUs2XgNGqx0Gm/hTAfBMsIgkM= +EwhDb25mdXNlZDEbMBkGA1UEAxMSV29ja3kgWE1QUCBMaWJyYXJ5GA8yMDE1MTIy +NTAwMTUyOFoYDzIwNDMxMjE4MDAxNTI4WjAAoDowODAfBgNVHSMEGDAWgBRJMCYI +jJrWac2LwMwOXAKOSh+mjDAVBgNVHRQEDgIMVnyKoDh8eHifdGqYMA0GCSqGSIb3 +DQEBCwUAA4IBAQDZU8sGCG5e7rO48sfQ99HkpmJTIq/derpunLNDTFA0B3U8r51Y +YF+FttEr/VmMxHpvco0I/XxJjIr4LgfbuLnopXbvEqc6ebmDyjVJ6pbo4w453W39 +lv86hAnfLD9ZVg4mffsV0PEfv4UJ+83nTu+7B8mprautAGgx45yw2WDuo/xYxYCB +NIgpus8jvwqnsbkAbZyl625sCEAZ/EqogATZ1fVbnvcnEZWV10QCmNgC0wvahXMA +j5G2zo0hYWXgrYI2z9LgzzjO4VI0iGRc/FpDe3KegmNzisdaYLCn7fGzrY8mnXik +odPUo3MiIah2Kf8WLSNpIsGb//omfn8Ik2Ui -----END X509 CRL----- -- 2.6.4