wbond / oscrypto

Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
MIT License

test regression: certificate expired 2023-01-01 00:00:00Z #73

Closed jspricke closed 10 months ago

jspricke commented 1 year ago

Hi, this has been reported in Debian, but I assume that it is also true for the GitHub Actions. Would it be an option to generate the test certificates on the fly?

======================================================================
ERROR: test_tls_connect_dh1024 (tests.test_tls.TLSTests.test_tls_connect_dh1024)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/tmp/autopkgtest-lxc.a4kfr24h/downtmp/autopkgtest_tmp/tests/unittest_data.py", line 51, in generated_test_function
    original_function(self, *params)
  File "/tmp/autopkgtest-lxc.a4kfr24h/downtmp/autopkgtest_tmp/tests/test_tls.py", line 75, in wrapped
    f(*args)
  File "/tmp/autopkgtest-lxc.a4kfr24h/downtmp/autopkgtest_tmp/tests/test_tls.py", line 102, in tls_connect
    connection = tls.TLSSocket(hostname, port, session=session)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/oscrypto/_openssl/tls.py", line 456, in __init__
    self._handshake()
  File "/usr/lib/python3/dist-packages/oscrypto/_openssl/tls.py", line 674, in _handshake
    raise_expired_not_yet_valid(cert)
  File "/usr/lib/python3/dist-packages/oscrypto/_tls.py", line 509, in raise_expired_not_yet_valid
    raise TLSVerificationError(message, certificate)
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2023-01-01 00:00:00Z

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033822

dvzrv commented 1 year ago

This is an issue for reproducible-builds and it would be really great to get this fixed. We currently have to disable these tests while doing Python 3.11 rebuilds on Arch Linux.

wbond commented 10 months ago

This was resolved recently by updating https://github.com/wbond/badtls.io