Bug 1557344

Summary: pyOpenSSL testsuite - expired certificate
Product: Red Hat Enterprise Linux 6 Reporter: Stanislav Zidek <szidek>
Component: pyOpenSSLAssignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: low    
Version: 6.9CC: qe-baseos-security, tmraz
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1557342 Environment:
Last Closed: 2018-03-16 13:18:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stanislav Zidek 2018-03-16 13:07:21 UTC 
+++ This bug was initially created as a clone of Bug #1557342 +++

(There is probably no point in fixing, feel free to CLOSE WONTFIX, I just need reference for some fails in tests.)

Description of problem:
Certificate hardcoded in upstream test suite of pyOpenSSL expired (2017-06-11 12:36:58 UTC as far as I can tell).

Version-Release number of selected component (if applicable):
pyOpenSSL-0.13.1-2.el6

How reproducible:
always

Steps to Reproduce:
1. trial /usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py


Actual results:
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/usr/lib64/python2.7/unittest/case.py", line 369, in run
    testMethod()
  File "/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py", line 633, in test_load_verify_directory
    self._load_verify_locations_test(None, capath)
  File "/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py", line 588, in _load_verify_locations_test
    handshake(clientSSL, serverSSL)
  File "/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py", line 109, in handshake
    conn.do_handshake()
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]

OpenSSL.test.test_ssl.ContextTests.test_load_verify_directory
===============================================================================
[ERROR]
Traceback (most recent call last):
  File "/usr/lib64/python2.7/unittest/case.py", line 369, in run
    testMethod()
  File "/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py", line 604, in test_load_verify_file
    self._load_verify_locations_test(cafile)
  File "/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py", line 588, in _load_verify_locations_test
    handshake(clientSSL, serverSSL)
  File "/usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py", line 109, in handshake
    conn.do_handshake()
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]

OpenSSL.test.test_ssl.ContextTests.test_load_verify_file
===============================================================================


Expected results:
    test_load_verify_directory ...                                         [OK]
    test_load_verify_file ...                                              [OK]


Additional info:

Running the test with datefudge gives expected results:
datefudge 2017-01-01 trial /usr/lib64/python2.7/site-packages/OpenSSL/test/test_ssl.py

However, there are more bugs in upstream testsuite, see bz1155460.