CI tests are failing due to expired certificate

[adelton]

Hello,

it seems that the certificate in tests/dumps/swidgen.pfx has expired on May 3 23:59:59 2018 GMT. That causes CI builds and jobs to fail, as suggested by Tobias in https://github.com/strongswan/swidGenerator/pull/41#issuecomment-402644098.

One possibility to fix the issue is to get the emailAddress = swidgen@discard.email certificate renewed from COMODO RSA Client Authentication and Secure Email CA.

Another possibility is to just create own testing CA and signing certificate. That would however require some tweaks to the tests/ code or perhaps to https://github.com/strongswan/swidGenerator-dockerimages, to then copy that testing CA certificate to the location where xmlsec/openssl expect them. Otherwise I get (expected) error

tests/integration_test.py::IntegrationTests::test_integration func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=360:obj=x509-store:subj=X509_verify_cert:error=4:crypto library function failed:subj=/CN=Testing CA;err=19;msg=self signed certificate in certificate chain

I'm mostly looking for guidance, which way you'd prefer more. I can likely prepare some pull request to add the self signed CA certificate and the logic to make it work in the tests but if you are working towards renewing the certificate which is used, that would certainly be preferred.

Thank you,

Jan

[tobiasbrunner]

Thanks for your input. Since the certificate was created with a free certificate service, we'd have to renew it every year, which is not ideal. I now replaced it with one from a custom CA (see cert-update branch), which is valid for 10 years and can easily be replaced.

[adelton]

I can see Travis CI is now passing on the cert-update branch -- thank you. Looking forward to the merge of that branch to master.