search

wbond / oscrypto

Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
MIT License
322 stars 71 forks source link

Some tests failed due to expired certificates and other errors #82

Open huajingyun01 opened 1 month ago

huajingyun01 commented 1 month ago

Some test errors are as follows:

======================================================================
ERROR: test_tls_connect_dh1024 (tests.test_tls.TLSTests.test_tls_connect_dh1024)
----------------------------------------------------------------------
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2024-01-01 00:00:00Z
======================================================================
ERROR: test_tls_error_client_cert_required (tests.test_tls.TLSTests.test_tls_error_client_cert_required)
----------------------------------------------------------------------
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2024-01-01 00:00:00Z
======================================================================
ERROR: test_tls_error_domain_mismatch (tests.test_tls.TLSTests.test_tls_error_domain_mismatch)
----------------------------------------------------------------------
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2024-01-01 00:00:00Z
======================================================================
ERROR: test_tls_error_http (tests.test_tls.TLSTests.test_tls_error_http)
----------------------------------------------------------------------
oscrypto.errors.TLSError: error:0A0000C6:SSL routines::packet length too long
======================================================================
ERROR: test_tls_error_san_mismatch (tests.test_tls.TLSTests.test_tls_error_san_mismatch)
----------------------------------------------------------------------
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2024-01-01 00:00:00Z
======================================================================
ERROR: test_tls_error_weak_dh_params (tests.test_tls.TLSTests.test_tls_error_weak_dh_params)
----------------------------------------------------------------------
oscrypto.errors.TLSError: error:030000A8:digital envelope routines::unknown security bits
======================================================================
ERROR: test_tls_error_wildcard_mismatch (tests.test_tls.TLSTests.test_tls_error_wildcard_mismatch)
----------------------------------------------------------------------
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2024-01-01 00:00:00Z
======================================================================
ERROR: test_tls_extra_trust_roots (tests.test_tls.TLSTests.test_tls_extra_trust_roots)
----------------------------------------------------------------------
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2024-01-01 00:00:00Z
======================================================================
ERROR: test_tls_wildcard_success (tests.test_tls.TLSTests.test_tls_wildcard_success)
----------------------------------------------------------------------
oscrypto.errors.TLSVerificationError: Server certificate verification failed - certificate expired 2024-01-01 00:00:00Z
nmeum commented 1 month ago

The test suite uses badtls.io and it seems that the service is no longer functional. For example, according to the badtls README, domain-match.badtls.io:10000 should be a "good" configuration. However, connecting to that port via TLS fails with an expired certificate error:

$ openssl s_client domain-match.badtls.io:10000
SSL handshake has read 1704 bytes and written 423 bytes
Verification error: certificate has expired

That is why the test suite presently fails.