From 348483658478645e12127e888fd53aed45ad750f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= Date: Wed, 9 Jan 2019 16:40:15 +0100 Subject: ssl: Fix CRL suite with openssl-1.1.1a Later versions of openssl do not support negative integers for CRL due time (used for negative testing). As a workaround this commit implements a function that can set CRL due time in seconds and makes the testcase 'crl_hash_dir_expired' sleep for one second. Change-Id: I2ef8b3c6ee545bd09170fa6027cb9ca38cfb42c0 --- lib/ssl/test/ssl_crl_SUITE.erl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'lib/ssl/test/ssl_crl_SUITE.erl') diff --git a/lib/ssl/test/ssl_crl_SUITE.erl b/lib/ssl/test/ssl_crl_SUITE.erl index 23c5eaf84d..c61039b5da 100644 --- a/lib/ssl/test/ssl_crl_SUITE.erl +++ b/lib/ssl/test/ssl_crl_SUITE.erl @@ -383,8 +383,11 @@ crl_hash_dir_expired(Config) when is_list(Config) -> {verify, verify_peer}], {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), - %% First make a CRL that expired yesterday. - make_certs:gencrl(PrivDir, CA, CertsConfig, -24), + %% First make a CRL that will expire in one second. + make_certs:gencrl_sec(PrivDir, CA, CertsConfig, 1), + %% Sleep until the next CRL is due + ct:sleep({seconds, 1}), + CrlDir = filename:join(PrivDir, "crls"), populate_crl_hash_dir(PrivDir, CrlDir, [{CA, "1627b4b0"}], -- cgit v1.2.3