Browse Source

Initial commit

master
JustAnotherArchivist 1 year ago
commit
6f0c24ec1b
4 changed files with 325 additions and 0 deletions
  1. +77
    -0
      Dockerfile
  2. +37
    -0
      README.md
  3. +200
    -0
      openssl1.1.0-test-certs.patch
  4. +11
    -0
      openssl1.1.0-test-fuzz.patch

+ 77
- 0
Dockerfile View File

@@ -0,0 +1,77 @@
FROM debian:bullseye-slim AS builder

ENV LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib
ENV SSL_CERT_DIR=/etc/ssl/certs/

COPY openssl1.1.0-*.patch /tmp/

RUN apt-get update \
&& apt-get install -y build-essential zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev curl llvm libncursesw5-dev xz-utils libxml2-dev libffi-dev liblzma-dev \
&& rm -rf /var/lib/apt/lists/*

ARG OPENSSL_VERSION=3.0.7
ARG OPENSSL_SHA256=missing

# OpenSSL 1.0.2 must be compiled with -fPIC and does not support parallel builds (make -j)
RUN mkdir -p /tmp/src \
&& cd /tmp/src \
&& curl -sSL https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz -o openssl.tar.gz \
&& if [ "${OPENSSL_SHA256}" = "missing" ]; then \
if [ "${OPENSSL_VERSION}" = "1.0.2u" ]; then OPENSSL_SHA256=ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16; \
elif [ "${OPENSSL_VERSION}" = "1.1.0l" ]; then OPENSSL_SHA256=74a2f756c64fd7386a29184dc0344f4831192d61dc2481a93a4c5dd727f41148; \
elif [ "${OPENSSL_VERSION}" = "1.1.1q" ]; then OPENSSL_SHA256=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca; \
elif [ "${OPENSSL_VERSION}" = "3.0.7" ]; then OPENSSL_SHA256=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e; \
else echo "Error: OPENSSL_SHA256 missing and OPENSSL_VERSION is not one of the built-in versions" && exit 1; \
fi \
fi \
&& echo "${OPENSSL_SHA256} openssl.tar.gz" | sha256sum -c \
&& tar -xvf openssl.tar.gz \
&& rm openssl.tar.gz \
&& cd openssl-${OPENSSL_VERSION} \
&& case "${OPENSSL_VERSION}" in 1.1.0*) patch -p1 </tmp/openssl1.1.0-test-certs.patch; patch -p1 </tmp/openssl1.1.0-test-fuzz.patch ;; 1.0.2*) extrasslconfig=-fPIC ;; esac \
&& ./config ${extrasslconfig} --prefix=/usr/local --openssldir=/usr/local \
&& case "${OPENSSL_VERSION}" in 1.0.2*) ;; *) extrasslmake=-j ;; esac \
&& make ${extrasslmake} \
&& make test \
&& make install \
&& rm -rf /tmp/src \
&& rm -rf /usr/local/share/doc /usr/local/share/man

ARG PYTHON_VERSION=3.11.1
ARG PYTHON_SHA256=missing

RUN mkdir -p /tmp/src \
&& cd /tmp/src \
&& LD_LIBRARY_PATH= curl -sSL https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tar.xz -o Python.tar.xz \
&& if [ "${PYTHON_SHA256}" = "missing" ]; then \
if [ "${PYTHON_VERSION}" = "3.7.16" ]; then PYTHON_SHA256=8338f0c2222d847e904c955369155dc1beeeed806e8d5ef04b00ef4787238bfd; \
elif [ "${PYTHON_VERSION}" = "3.8.16" ]; then PYTHON_SHA256=d85dbb3774132473d8081dcb158f34a10ccad7a90b96c7e50ea4bb61f5ce4562; \
elif [ "${PYTHON_VERSION}" = "3.9.16" ]; then PYTHON_SHA256=22dddc099246dd2760665561e8adb7394ea0cc43a72684c6480f9380f7786439; \
elif [ "${PYTHON_VERSION}" = "3.10.9" ]; then PYTHON_SHA256=5ae03e308260164baba39921fdb4dbf8e6d03d8235a939d4582b33f0b5e46a83; \
elif [ "${PYTHON_VERSION}" = "3.11.1" ]; then PYTHON_SHA256=85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f; \
else echo "Error: PYTHON_SHA256 missing and PYTHON_VERSION is not one of the built-in versions" && exit 1; \
fi \
fi \
&& echo "${PYTHON_SHA256} Python.tar.xz" | sha256sum -c \
&& tar -xvf Python.tar.xz \
&& rm Python.tar.xz \
&& cd Python-${PYTHON_VERSION} \
&& case "${PYTHON_VERSION}" in 3.1[01].*) extrapyconfig=--disable-test-modules ;; esac \
&& ./configure ${extrapyconfig} --prefix=/usr/local --with-openssl=/usr/local CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local" \
&& make -j \
&& make install \
&& rm -rf /tmp/src \
&& rm -rf /usr/local/share/doc /usr/local/share/man \
&& case "${PYTHON_VERSION}" in 3.[789].*) find /usr/local/lib/ -depth -type d -a \( -name test -o -name tests -o -name idle_test \) -exec rm -rf '{}' + ;; esac

FROM debian:bullseye-slim

RUN apt-get update \
&& apt-get install -y zlib1g libbz2-1.0 libreadline8 libsqlite3-0 libncurses6 libncursesw6 libtinfo6 libxml2 libffi7 liblzma5 ca-certificates \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /usr/local/ /usr/local/

ENV LD_LIBRARY_PATH=/usr/local/lib64:/usr/local/lib
ENV SSL_CERT_DIR=/etc/ssl/certs/

CMD ["python3"]

+ 37
- 0
README.md View File

@@ -0,0 +1,37 @@
A Docker image for building combinations of CPython and OpenSSL versions

# Building
The full build command is as follows:

docker build \
--build-arg PYTHON_VERSION=3.11.1 \
--build-arg PYTHON_SHA256=85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f \
--build-arg OPENSSL_VERSION=3.0.7 \
--build-arg OPENSSL_SHA256=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e \
-t python-openssl:py3.11.1-ssl3.0.7 \
.

The `PYTHON_SHA256` is the SHA-256 hash of that version's `.tar.xz` file. The `OPENSSL_SHA256` is the SHA-256 hash of that version's `.tar.gz` file.

The `Dockerfile` includes the SHA-256 hashes for the most recent versions as of January 2023: OpenSSL 1.0.2u, 1.1.0l, 1.1.1q, 3.0.7 and Python 3.7.16, 3.8.16, 3.9.16, 3.10.9, 3.11.1. For these versions, the corresponding `X_SHA256` argument can be omitted.

# Compatibility

* Python 3.7 added support for OpenSSL 1.1.1.
* Python 3.10 dropped support for OpenSSL 1.0.2 and 1.1.0 and added support for OpenSSL 3.0.

# Tested combinations

* Python 3.8.16 with OpenSSL 1.0.2u, 1.1.0l, and 1.1.1q
* Python 3.9.16 with OpenSSL 1.0.2u, 1.1.0l, and 1.1.1q
* Python 3.10.9 with OpenSSL 1.1.1q and 3.0.7
* Python 3.11.1 with OpenSSL 1.1.1q and 3.0.7

# OpenSSL 1.1.0 bugs
The OpenSSL test suite contains some certificates with relatively short expiration date. Trying to build 1.1.0l will fail on testing due to this. See <https://github.com/openssl/openssl/issues/15179> and <https://github.com/openssl/openssl/issues/18456>.
This is fixed by the `openssl1.1.0-test-certs.patch` patch. It is taken from <https://github.com/openssl/openssl/pull/18446> but with changes in `test/ct_test.c` ported for compatibility.

There is further a test which uses a now-removed part of the Perl module `File::Glob`. This was patched by <https://github.com/openssl/openssl/pull/4040>, and an equivalent patch is provided in `openssl1.1.0-test-fuzz.patch`.

# Using non-Python in the container
OpenSSL in the container is installed under `/usr/local`, which is also declared in the `LD_LIBRARY_PATH` environment variable. When installing an old OpenSSL version, this may break other tools (such as `curl`), which require a newer version. Unset `LD_LIBRARY_PATH` if you need to run those.

+ 200
- 0
openssl1.1.0-test-certs.patch View File

@@ -0,0 +1,208 @@
From 590d9bff7e9682973e25b53493388dc6cbed7360 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 1 Jun 2022 12:47:44 +0200
Subject: [PATCH 1/2] Update expired SCT certificates

---
test/certs/embeddedSCTs1-key.pem | 38 ++++++++++++++++---------
test/certs/embeddedSCTs1.pem | 35 ++++++++++++-----------
test/certs/embeddedSCTs1.sct | 12 ++++----
test/certs/embeddedSCTs1_issuer-key.pem | 15 ++++++++++
test/certs/embeddedSCTs1_issuer.pem | 30 +++++++++----------
5 files changed, 79 insertions(+), 51 deletions(-)
create mode 100644 test/certs/embeddedSCTs1_issuer-key.pem

diff --git a/test/certs/embeddedSCTs1-key.pem b/test/certs/embeddedSCTs1-key.pem
index e3e66d55c510..28dd206dbe8d 100644
--- a/test/certs/embeddedSCTs1-key.pem
@@ -1,15 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/BH634c4VyVui+A7k
-WL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWkEM2cW9tdSSdyba8X
-EPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWwFAn/Xdh+tQIDAQAB
-AoGAK/daG0vt6Fkqy/hdrtSJSKUVRoGRmS2nnba4Qzlwzh1+x2kdbMFuaOu2a37g
-PvmeQclheKZ3EG1+Jb4yShwLcBCV6pkRJhOKuhvqGnjngr6uBH4gMCjpZVj7GDMf
-flYHhdJCs3Cz/TY0wKN3o1Fldil2DHR/AEOc1nImeSp5/EUCQQDjKS3W957kYtTU
-X5BeRjvg03Ug8tJq6IFuhTFvUJ+XQ5bAc0DmxAbQVKqRS7Wje59zTknVvS+MFdeQ
-pz4dGuV7AkEA1y0X2yarIls+0A/S1uwkvwRTIkfS+QwFJ1zVya8sApRdKAcidIzA
-b70hkKLilU9+LrXg5iZdFp8l752qJiw9jwJAXjItN/7mfH4fExGto+or2kbVQxxt
-9LcFNPc2UJp2ExuL37HrL8YJrUnukOF8KJaSwBWuuFsC5GwKP4maUCdfEQJAUwBR
-83c3DEmmMRvpeH4erpA8gTyzZN3+HvDwhpvLnjMcvBQEdnDUykVqbSBnxrCjO+Fs
-n1qtDczWFVf8Cj2GgQJAQ14Awx32Cn9sF+3M+sEVtlAf6CqiEbkYeYdSCbsplMmZ
-1UoaxiwXY3z+B7epsRnnPR3KaceAlAxw2/zQJMFNOQ==
+MIIEpQIBAAKCAQEAuIjpA4/iCpDA2mjywI5zG6IBX6bNcRQYDsB7Cv0VonNXtJBw
+XxMENP4jVpvEmWpJ5iMBknGHV+XWBkngYapczIsY4LGn6aMU6ySABBVQpNOQSRfT
+48xGGPR9mzOBG/yplmpFOVq1j+b65lskvAXKYaLFpFn3oY/pBSdcCNBP8LypVXAJ
+b3IqEXsBL/ErgHG9bgIRP8VxBAaryCz77kLzAXkfHL2LfSGIfNONyEKB3xI94S4L
+eouOSoWL1VkEfJs87vG4G5xoXw3KOHyiueQUUlMnu8p+Bx0xPVKPEsLje3R9k0rG
+a5ca7dXAn9UypKKp25x4NXpnjGX5txVEYfNvqQIDAQABAoIBAE0zqhh9Z5n3+Vbm
+tTht4CZdXqm/xQ9b0rzJNjDgtN5j1vuJuhlsgUQSVoJzZIqydvw7BPtZV8AkPagf
+3Cm/9lb0kpHegVsziRrfCFes+zIZ+LE7sMAKxADIuIvnvkoRKHnvN8rI8lCj16/r
+zbCD06mJSZp6sSj8ZgZr8wsU63zRGt1TeGM67uVW4agphfzuKGlXstPLsSMwknpF
+nxFS2TYbitxa9oH76oCpEk5fywYsYgUP4TdzOzfVAgMzNSu0FobvWl0CECB+G3RQ
+XQ5VWbYkFoj5XbE5kYz6sYHMQWL1NQpglUp+tAQ1T8Nca0CvbSpD77doRGm7UqYw
+ziVQKokCgYEA6BtHwzyD1PHdAYtOcy7djrpnIMaiisSxEtMhctoxg8Vr2ePEvMpZ
+S1ka8A1Pa9GzjaUk+VWKWsTf+VkmMHGtpB1sv8S7HjujlEmeQe7p8EltjstvLDmi
+BhAA7ixvZpXXjQV4GCVdUVu0na6gFGGueZb2FHEXB8j1amVwleJj2lcCgYEAy4f3
+2wXqJfz15+YdJPpG9BbH9d/plKJm5ID3p2ojAGo5qvVuIJMNJA4elcfHDwzCWVmn
+MtR/WwtxYVVmy1BAnmk6HPSYc3CStvv1800vqN3fyJWtZ1P+8WBVZWZzIQdjdiaU
+JSRevPnjQGc+SAZQQIk1yVclbz5790yuXsdIxf8CgYEApqlABC5lsvfga4Vt1UMn
+j57FAkHe4KmPRCcZ83A88ZNGd/QWhkD9kR7wOsIz7wVqWiDkxavoZnjLIi4jP9HA
+jwEZ3zER8wl70bRy0IEOtZzj8A6fSzAu6Q+Au4RokU6yse3lZ+EcepjQvhBvnXLu
+ZxxAojj6AnsHzVf9WYJvlI0CgYEAoATIw/TEgRV/KNHs/BOiEWqP0Co5dVix2Nnk
+3EVAO6VIrbbE3OuAm2ZWeaBWSujXLHSmVfpoHubCP6prZVI1W9aTkAxmh+xsDV3P
+o3h+DiBTP1seuGx7tr7spQqFXeR3OH9gXktYCO/W0d3aQ7pjAjpehWv0zJ+ty2MI
+fQ/lkXUCgYEAgbP+P5UmY7Fqm/mi6TprEJ/eYktji4Ne11GDKGFQCfjF5RdKhdw1
+5+elGhZes+cpzu5Ak6zBDu4bviT+tRTWJu5lVLEzlHHv4nAU7Ks5Aj67ApH21AnP
+RtlATdhWOt5Dkdq1WSpDfz5bvWgvyBx9D66dSmQdbKKe2dH327eQll4=
-----END RSA PRIVATE KEY-----
diff --git a/test/certs/embeddedSCTs1.pem b/test/certs/embeddedSCTs1.pem
index d1e85120a043..d2a111fb8235 100644
--- a/test/certs/embeddedSCTs1.pem
@@ -1,20 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDWTCCAsKgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIDeDCCAuGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFIxCzAJBgNVBAYTAkdCMSEwHwYDVQQKExhDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kxDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+75jnwmh3rjhfdTJaDB0ym+3xj6r015a/
-BH634c4VyVui+A7kWL19uG+KSyUhkaeb1wDDjpwDibRc1NyaEgqyHgy0HNDnKAWk
-EM2cW9tdSSdyba8XEPYBhzd+olsaHjnu0LiBGdwVTcaPfajjDK8VijPmyVCfSgWw
-FAn/Xdh+tQIDAQABo4IBOjCCATYwHQYDVR0OBBYEFCAxVBryXAX/2GWLaEN5T16Q
-Nve0MH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQswCQYD
-VQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4w
-DAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAJBgNVHRMEAjAAMIGK
-BgorBgEEAdZ5AgQCBHwEegB4AHYA3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4L
-vT9012QAAAE92yffkwAABAMARzBFAiBIL2dRrzXbplQ2vh/WZA89v5pBQpSVkkUw
-KI+j5eI+BgIhAOTtwNs6xXKx4vXoq2poBlOYfc9BAn3+/6EFUZ2J7b8IMA0GCSqG
-SIb3DQEBBQUAA4GBAIoMS+8JnUeSea+goo5on5HhxEIb4tJpoupspOghXd7dyhUE
-oR58h8S3foDw6XkDUmjyfKIOFmgErlVvMWmB+Wo5Srer/T4lWsAERRP+dlcMZ5Wr
-5HAxM9MD+J86+mu8/FFzGd/ZW5NCQSEfY0A1w9B4MHpoxgdaLiDInza4kQyg
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMDAxMjUxMTUwMTNaGA8yMTIwMDEy
+NjExNTAxM1owGTEXMBUGA1UEAwwOc2VydmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC4iOkDj+IKkMDaaPLAjnMbogFfps1xFBgOwHsK
+/RWic1e0kHBfEwQ0/iNWm8SZaknmIwGScYdX5dYGSeBhqlzMixjgsafpoxTrJIAE
+FVCk05BJF9PjzEYY9H2bM4Eb/KmWakU5WrWP5vrmWyS8BcphosWkWfehj+kFJ1wI
+0E/wvKlVcAlvcioRewEv8SuAcb1uAhE/xXEEBqvILPvuQvMBeR8cvYt9IYh8043I
+QoHfEj3hLgt6i45KhYvVWQR8mzzu8bgbnGhfDco4fKK55BRSUye7yn4HHTE9Uo8S
+wuN7dH2TSsZrlxrt1cCf1TKkoqnbnHg1emeMZfm3FURh82+pAgMBAAGjggEMMIIB
+CDAdBgNVHQ4EFgQUtMa8XD5ylrF9AqCdnPEhXa63H2owHwYDVR0jBBgwFoAUX52I
+Dchz5lTU+A3Y5rDBJLRHw1UwCQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcD
+ATCBigYKKwYBBAHWeQIEAgR8BHoAeAB2AN8cLsEVAJRSR6lhaDJd3Fx5Wej3xtOI
+/AAuC70/dNdkAAABb15m6AAAAAQDAEcwRQIgfDPo8RArm/vcSEZ608Q1u+XQ55QB
+u67SZEuZxLpbUM0CIQDRsgcTud4PDy8Cgg+lHeAS7UxgSKBbWAznYOuorwNewzAZ
+BgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTANBgkqhkiG9w0BAQsFAAOBgQCWFKKR
+RNkDRzB25NK07OLkbzebhnpKtbP4i3blRx1HAvTSamf/3uuHI7kfiPJorJymJpT1
+IuJvSVKyMu1qONWBimiBfiyGL7+le1izHEJIP5lVTbddfzSIBIvrlHHcWIOL3H+W
+YT6yTEIzJuO07Xp61qnB1CE2TrinUWlyC46Zkw==
-----END CERTIFICATE-----
diff --git a/test/certs/embeddedSCTs1.sct b/test/certs/embeddedSCTs1.sct
index 59362dcee1f4..35c9eb9e3bed 100644
--- a/test/certs/embeddedSCTs1.sct
@@ -2,11 +2,11 @@ Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DF:1C:2E:C1:15:00:94:52:47:A9:61:68:32:5D:DC:5C:
79:59:E8:F7:C6:D3:88:FC:00:2E:0B:BD:3F:74:D7:64
- Timestamp : Apr 5 17:04:16.275 2013 GMT
+ Timestamp : Jan 1 00:00:00.000 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
- 30:45:02:20:48:2F:67:51:AF:35:DB:A6:54:36:BE:1F:
- D6:64:0F:3D:BF:9A:41:42:94:95:92:45:30:28:8F:A3:
- E5:E2:3E:06:02:21:00:E4:ED:C0:DB:3A:C5:72:B1:E2:
- F5:E8:AB:6A:68:06:53:98:7D:CF:41:02:7D:FE:FF:A1:
- 05:51:9D:89:ED:BF:08
\ No newline at end of file
+ 30:45:02:20:7C:33:E8:F1:10:2B:9B:FB:DC:48:46:7A:
+ D3:C4:35:BB:E5:D0:E7:94:01:BB:AE:D2:64:4B:99:C4:
+ BA:5B:50:CD:02:21:00:D1:B2:07:13:B9:DE:0F:0F:2F:
+ 02:82:0F:A5:1D:E0:12:ED:4C:60:48:A0:5B:58:0C:E7:
+ 60:EB:A8:AF:03:5E:C3
\ No newline at end of file
diff --git a/test/certs/embeddedSCTs1_issuer-key.pem b/test/certs/embeddedSCTs1_issuer-key.pem
new file mode 100644
index 000000000000..9326e38b1eb7
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7jHbrkVfT0PtLO1FuzsvR
+yY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjPKDHM5nugSlojgZ88ujfm
+JNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnLsvfP34b7arnRsQIDAQAB
+AoGAJLR6xEJp+5IXRFlLn7WTkFvO0ddtxJ7bXhiIkTctyruyfqp7LF9Jv1G2m3PK
+QPUtBc73w/GYkfnwIwdfJbOmPHL7XyEGHZYmEXgIgEtw6LXvAv0G5JpUnNwsSBfL
+GfSQqI5Z5ytyzlJXkMcTGA2kTgNAYc73h4EnU+pwUnDPdAECQQD2aj+4LtYk1XPq
+r3gjgI6MoGvgYJfPmAtZhxxVbhXQKciFUCAcBiwlQdHIdLWE9j65ctmZRWidKifr
+4O4nz+TBAkEA3djNW/rTQq5fKZy+mCF1WYnIU/3yhJaptzRqLm7AHqe7+hdrGXJw
+b3NcLXSHPLQdhDqlBQ1dfvRT3ERpC8IqfZ2d162kBPhwh3MpkVcSPQK0gQJAC/dY
+xGBYKt2a9nSk9zG+0bCT5Kvq++ngh6hFHfINXNnxUsEWns3EeEzkrIMQTj7QqszN
+lBt5aL2dawZRNrv6EQJBAOo4STF9KEwQG0HLC/ryh1FeB0OBA5yIepXze+eJVKei
+T0cCECOQJKfWHEzYJYDJhyEFF/sYp9TXwKSDjOifrsU=
+-----END RSA PRIVATE KEY-----
diff --git a/test/certs/embeddedSCTs1_issuer.pem b/test/certs/embeddedSCTs1_issuer.pem
index 1fa449d5a098..6aa9455f09ed 100644
--- a/test/certs/embeddedSCTs1_issuer.pem
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJHQjEk
+MIIC0jCCAjugAwIBAgIBADANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJHQjEk
MCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENBMQ4wDAYDVQQIEwVX
-YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAeFw0xMjA2MDEwMDAwMDBaFw0yMjA2MDEw
-MDAwMDBaMFUxCzAJBgNVBAYTAkdCMSQwIgYDVQQKExtDZXJ0aWZpY2F0ZSBUcmFu
-c3BhcmVuY3kgQ0ExDjAMBgNVBAgTBVdhbGVzMRAwDgYDVQQHEwdFcncgV2VuMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVimhTYhCicRmTbneDIRgcKkATxtB7
-jHbrkVfT0PtLO1FuzsvRyY2RxS90P6tjXVUJnNE6uvMa5UFEJFGnTHgW8iQ8+EjP
-KDHM5nugSlojgZ88ujfmJNnDvbKZuDnd/iYx0ss6hPx7srXFL8/BT/9Ab1zURmnL
-svfP34b7arnRsQIDAQABo4GvMIGsMB0GA1UdDgQWBBRfnYgNyHPmVNT4DdjmsMEk
-tEfDVTB9BgNVHSMEdjB0gBRfnYgNyHPmVNT4DdjmsMEktEfDVaFZpFcwVTELMAkG
-A1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRyYW5zcGFyZW5jeSBDQTEO
-MAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW6CAQAwDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQUFAAOBgQAGCMxKbWTyIF4UbASydvkrDvqUpdryOvw4BmBt
-OZDQoeojPUApV2lGOwRmYef6HReZFSCa6i4Kd1F2QRIn18ADB8dHDmFYT9czQiRy
-f1HWkLxHqd81TbD26yWVXeGJPE3VICskovPkQNJ0tU4b03YmnKliibduyqQQkOFP
-OwqULg==
+YWxlczEQMA4GA1UEBxMHRXJ3IFdlbjAgFw0yMjA2MDExMDM4MDJaGA8yMTIyMDUw
+ODEwMzgwMlowVTELMAkGA1UEBhMCR0IxJDAiBgNVBAoTG0NlcnRpZmljYXRlIFRy
+YW5zcGFyZW5jeSBDQTEOMAwGA1UECBMFV2FsZXMxEDAOBgNVBAcTB0VydyBXZW4w
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANWKaFNiEKJxGZNud4MhGBwqQBPG
+0HuMduuRV9PQ+0s7UW7Oy9HJjZHFL3Q/q2NdVQmc0Tq68xrlQUQkUadMeBbyJDz4
+SM8oMczme6BKWiOBnzy6N+Yk2cO9spm4Od3+JjHSyzqE/HuytcUvz8FP/0BvXNRG
+acuy98/fhvtqudGxAgMBAAGjga8wgawwHQYDVR0OBBYEFF+diA3Ic+ZU1PgN2Oaw
+wSS0R8NVMH0GA1UdIwR2MHSAFF+diA3Ic+ZU1PgN2OawwSS0R8NVoVmkVzBVMQsw
+CQYDVQQGEwJHQjEkMCIGA1UEChMbQ2VydGlmaWNhdGUgVHJhbnNwYXJlbmN5IENB
+MQ4wDAYDVQQIEwVXYWxlczEQMA4GA1UEBxMHRXJ3IFdlboIBADAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4GBAD0aYh9OkFYfXV7kBfhrtD0PJG2U47OV/1qq
+2IOhKOkvvWKPUdFLoO/ZVXqEVKkcsS1eXK1glFvb07eJZya3JVG0KdMhV2YoDg6c
+Doud4XrO
-----END CERTIFICATE-----

From 03e1f16212530ade803482db1055c4c8921d762e Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 1 Jun 2022 13:06:46 +0200
Subject: [PATCH 2/2] ct_test.c: Update the epoch time

---
test/ct_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/ct_test.c b/test/ct_test.c
index 49c4695..0b4bbcb 100644
--- a/test/ct_test.c
@@ -65,7 +65,7 @@ static CT_TEST_FIXTURE set_up(const char *const test_case_name)
memset(&fixture, 0, sizeof(fixture));
fixture.test_case_name = test_case_name;
- fixture.epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */
+ fixture.epoch_time_in_ms = 1580335307000; /* Wed 29 Jan 2020 10:01:47 PM UTC */
fixture.ctlog_store = CTLOG_STORE_new();
if (fixture.ctlog_store == NULL) {

+ 11
- 0
openssl1.1.0-test-fuzz.patch View File

@@ -0,0 +1,12 @@
diff --git a/test/recipes/90-test_fuzz.t b/test/recipes/90-test_fuzz.t
index 8d3b354..4ffbe12 100644
--- a/test/recipes/90-test_fuzz.t
@@ -9,7 +9,7 @@
use strict;
use warnings;

-use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+use if $^O ne "VMS", 'File::Glob' => qw/:bsd_glob/;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
use OpenSSL::Test::Utils;

Loading…
Cancel
Save