|
6 | 6 | import socket |
7 | 7 | import select |
8 | 8 | import time |
| 9 | +import datetime |
9 | 10 | import gc |
10 | 11 | import os |
11 | 12 | import errno |
@@ -73,6 +74,19 @@ def no_sslv2_implies_sslv3_hello(): |
73 | 74 | # 0.9.7h or higher |
74 | 75 | return ssl.OPENSSL_VERSION_INFO >= (0, 9, 7, 8, 15) |
75 | 76 |
|
| 77 | +def asn1time(cert_time): |
| 78 | + # Some versions of OpenSSL ignore seconds, see #18207 |
| 79 | + # 0.9.8.i |
| 80 | + if ssl._OPENSSL_API_VERSION == (0, 9, 8, 9, 15): |
| 81 | + fmt = "%b %d %H:%M:%S %Y GMT" |
| 82 | + dt = datetime.datetime.strptime(cert_time, fmt) |
| 83 | + dt = dt.replace(second=0) |
| 84 | + cert_time = dt.strftime(fmt) |
| 85 | + # %d adds leading zero but ASN1_TIME_print() uses leading space |
| 86 | + if cert_time[4] == "0": |
| 87 | + cert_time = cert_time[:4] + " " + cert_time[5:] |
| 88 | + |
| 89 | + return cert_time |
76 | 90 |
|
77 | 91 | # Issue #9415: Ubuntu hijacks their OpenSSL and forcefully disables SSLv2 |
78 | 92 | def skip_if_broken_ubuntu_ssl(func): |
@@ -142,8 +156,8 @@ def test_parse_cert(self): |
142 | 156 | (('commonName', 'localhost'),)) |
143 | 157 | ) |
144 | 158 | # Note the next three asserts will fail if the keys are regenerated |
145 | | - self.assertEqual(p['notAfter'], 'Oct 5 23:01:56 2020 GMT') |
146 | | - self.assertEqual(p['notBefore'], 'Oct 8 23:01:56 2010 GMT') |
| 159 | + self.assertEqual(p['notAfter'], asn1time('Oct 5 23:01:56 2020 GMT')) |
| 160 | + self.assertEqual(p['notBefore'], asn1time('Oct 8 23:01:56 2010 GMT')) |
147 | 161 | self.assertEqual(p['serialNumber'], 'D7C7381919AFC24E') |
148 | 162 | self.assertEqual(p['subject'], |
149 | 163 | ((('countryName', 'XY'),), |
|
0 commit comments