wbond / oscrypto

Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
MIT License

test_tls_connect_revoked failed due to expired certificate #45

Closed (closed by Ikke 4 years ago)

Ikke commented 4 years ago

test_tls_connect_revoked in tests/test_tls.py fails with:

oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2020-04-13 12:00:00Z

Apparently the certificate for revoked.grc.com is expired.

sethmlarson commented 4 years ago

Might I suggest using trustme?

wbond commented 4 years ago

I can make up a revoked cert without issue (I even run https://badtls.io for testing) - the point of this test is to use a real, in-the-wild revoked cert.

wbond commented 4 years ago

Looks like DigiCert has some at https://www.digicert.com/digicert-root-certificates.htm.

I'll need to get the test suite set up to use global-root-ca-revoked.chain-demos.digicert.com, along with updating https://github.com/wbond/certvalidator/blob/master/tests/test_validate.py#L55-L115.

wbond commented 4 years ago

This is fixed by f85962b8f21d34923e6af0c71bc3a467bf6ad58e